The flaws -- rated "highly critical" by tracking firm Secunia -- are spread out across a number of operating system components: Alias Manager, Core Types, C++filt, Dock, Launch Services, Net-SNMP, Ruby, SMB File Server, System Configuration, Tomcat, VPN and WebKit.
The largest number of holes -- nine -- reside in Tomcat, an application server that that executes Java programs used to create dynamic web pages.
Additionally, the update fixed six flaws in the open-source Ruby programming language.
Apple additionally plugged a memory corruption vulnerability relating to the handling of JavaScript in Safari 3.
Apple apparently did not fix a vulnerability in its ARDAgent (Apple Remote Desktop) that allows programs to run as root due to an error in the processing of AppleScripts, a Mac programming language. The hole gave rise to an alleged in-the-wild trojan.
See original article on scmagazineus.com
_(23).jpg&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0){kind=logo}
_(28).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
