
Among the patches released on Thursday were three for Kerberos administration, all of which could lead to unexpected application termination or arbitrary code execution with system privileges, according to Apple’s advisory.
Another buffer overflow vulnerability was patched in the AirPort Driver module, which an attacker can exploit by malformed control commands.
Apple also patched two bugs in libinfo, and three flaws in Login Window.
Landon Fuller, the hacker whose Month of Apple Bugs project gained widespread attention in January, took credit for a newly fixed bug in Quicktime RTSP URL Handling on his blog on Thursday.
The flaw is cause by a boundary error when handling RTSP URLs, which can be exploited to cause a stack-based buffer overflow.