Apple has issued security fixes for 13 components of its OS X operating system.
A flaw in the OS X CoreGraphics component is the most serious, as it could allow an attacker to remotely execute code through a specially-crafted PDF file. The vulnerability only affects OS X 10.4.9 and OS X Server 10.4.9.
Apple did not say whether the code execution is confined to the limited privileges of the current user, or whether attackers could execute code at the root level.
Attackers could also target OS X's 'file' for remote code execution. This vulnerability affects all versions of Mac OS X 10.3 and 10.4. No other components suffered from remote execution vulnerabilities.
A flaw in Fetchmail could allow attackers to steal a user's email password. Fetchmail is used to download emails into a user's local machine, and Apple said that the component may not adequately encrypt the password.
Vulnerabilities in Apple's iChat messaging software and mDNSResponder were also patched. Both vulnerabilities could be exploited to remotely execute code, but would require the attacker to be on a local network with the target machine.
Apple also fixed a vulnerability in the way that OS X handles disk images. By convincing a user to mount two identically-named disk images, an attacker could disguise a piece of malicious software as a legitimate application or document.
The security update is available through Apple's software update system component or as a download from the company's website.
Apple issues 13 security fixes
By Shaun Nichols on May 28, 2007 11:14AM