New Mac flaws fixed

By on

For the second time in as many weeks, Apple has issued a security update fixing critical vulnerabilities on the Mac OS 10.4.5 that could lead to security bypass and system access from remote locations.

Secunia vulnerability monitoring service rated the flaws "extremely critical" in an advisory today.

In its latest update, the computing giant offers fixes for three flaws, which include a problem with the Safari web browser that could allow arbitrary code to be executed when a user visits a malicious web site.

The first update of the year, issued earlier this month, "addressed an issue where Safari could automatically open a file that appears to be a safe file type, such as an image or a movie, but is actually an application," according to Apple.

This latest patch "provides additional checks to identify variations of the malicious file types addressed in (the first security update) so that they are not automatically opened."

The update, modified on Monday, also corrects a flaw that allows malicious documents containing JavaScript to bypass security restrictions when they are loaded from a remote site. A third fix provides additional testing for maliciously crafted Mail attachments that, when double clicked, could cause a buffer overflow.

The update also removes unnecessary warnings for Mac OS X users who download safe file types, such as Word documents and folders containing custom icons. 

Copyright © SC Magazine, US edition

Most Read Articles

Log In

|  Forgot your password?