Apple releases OS X update, fixes 13 flaws

By on
Apple releases OS X update, fixes 13 flaws

Fifth OS update of the year.

Apple has issued an update to Mac OS X to fix 13 vulnerabilities, including one that is similar to the “jailbreak” flaw already patched in its mobile operating system.

The update affects client and server versions of Mac OS X 10.5 (Leopard) and 10.6 (Snow Leopard).

It includes a fix for a stack buffer overflow bug in Apple Type Services' handling of embedded fonts, which may lead to arbitrary code execution, according to Apple's advisory. The vulnerability could be exploited if a user is tricked into viewing or downloading a document containing a maliciously crafted embedded font.

The flaw is similar to a vulnerability patched earlier this month in Apple's mobile operating system, iOS, that was exploited to jailbreak iPhone, iPad and iPod Touch devices, researchers at Mac security firm Intego wrote in a blog post.

The update also includes fixes for bugs in several other OS X components, including CFNetwork, ClamAV, CoreGraphics, libsecurity, PHP and Samba. Those vulnerabilities could allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or impersonate hosts within a domain, according to an advisory posted by US-CERT.

This is the fifth OS X security update this year.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?