Apple plugs five security holes

By

Apple has released a security update for its OS X operating system that plugs five vulnerabilities.

Apple plugs five security holes
Apple has released a security update for its OS X operating system that plugs five vulnerabilities.

Apple does not issue severity ratings for vulnerabilities in its software, but at least two of the repaired vulnerabilities could allow an attacker to take control of a system.

The update to version 10.4.7 repairs a vulnerability in the way that OS X handles TIFF images which could be exploited through a specially crafted image. The vulnerability can cause an application to crash or allow for arbitrary code execution.

The ClamAV application that is bundled with the server version of the operating system could also allow an attacker to take over control of a system, Apple warned.

The attacker would have to set up a spoofed database mirror for the ClamAV antivirus application.

Of the remaining plugged holes, a vulnerability in the AFP server is vulnerable to a privilege escalation that can lead to disclosure of sensitive information.

The Launchd program is suffering from a vulnerability that could allow a local user to gain additional privileges and the Open Directory Server and is susceptible to a security flaw that gives attackers an opportunity to crash the application.

Users can update their system through the update service built into OS X or by manually downloading the patch from the Apple support website.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?