Apple has released a security update for its OS X operating system that plugs five vulnerabilities.
Apple does not issue severity ratings for vulnerabilities in its software, but at least two of the repaired vulnerabilities could allow an attacker to take control of a system.
The update to version 10.4.7 repairs a vulnerability in the way that OS X handles TIFF images which could be exploited through a specially crafted image. The vulnerability can cause an application to crash or allow for arbitrary code execution.
The ClamAV application that is bundled with the server version of the operating system could also allow an attacker to take over control of a system, Apple warned.
The attacker would have to set up a spoofed database mirror for the ClamAV antivirus application.
Of the remaining plugged holes, a vulnerability in the AFP server is vulnerable to a privilege escalation that can lead to disclosure of sensitive information.
The Launchd program is suffering from a vulnerability that could allow a local user to gain additional privileges and the Open Directory Server and is susceptible to a security flaw that gives attackers an opportunity to crash the application.
Users can update their system through the update service built into OS X or by manually downloading the patch from the Apple support website.
Apple plugs five security holes
By Tom Sanders on Jun 30, 2006 9:58AM