Apple fixes five Mac OS X

By

Apple has offered fixes for five critical vulnerabilities unveiled during January's Month of Apple Bugs (MoAB) project.


Thursday’s security update, Apple’s second of the year, affects Macintosh OS X versions 13.9 and 14.8.

The patches seal a hole in Finder, which can be exploited to cause an application crash or run arbitrary code if a user is duped into mounting a maliciously crafted disk image. Finder is an application that controls Mac desktop processes.

The update also corrects two null-pointer errors in the instant messenger client, iChat, which could be exploited to create an application crash.

Another iChat fix resolves a format string vulnerability that, if a user clicks on the maliciously crafted URL, could lead to arbitrary code execution.

The final patch seals up a privilege-escalation condition in which the UserNotificationCenter can be exploited to allow a local user to overwrite or change system files.

All of the bugs contained proof-of-concept code published in LMH’s and Kevin Finisterre’s MoAB project. The undertaking’s purpose was to raise awareness about holes in Mac OS X, LMH has said.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down

Log In

  |  Forgot your password?