Apple didn't say if the code execution is confined to the limited privileges of the current user, or if attackers could execute code at the root level.
Attackers could also target OS X's "file" for remote code execution. That vulnerability affects all versions of MacOS 10.3 and 10.4.
No other components suffered from remote execution vulnerabilities, which are considered to be the most severe flaws.
A flaw in the Fetchmail component meanwhile could allow attackers to steal a user's email password. Fetchmail is a component used to download e-mails into a user's local machine. Apple said that the component may not adequately encrypt the password.
Vulnerabilities in Apple's iChat messaging software and mDNSResponder system component were also patched. Both vulnerabilities could be exploited to remotely execute code, but required the attacker to be on a local network with the target machine.
The company also fixed a vulnerability in the way that OS X handles disk images. Apple warned that by convincing a user to mount two identically-named disk images, an attacker would be able to disguise a piece of malicious software as a legitimate application or document.
The security update is available through Apple's software update system component or as a download from the company's website.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
