Apple has released its fifth security update of the year, covering 25 vulnerabilities in 20 Mac OS X components.
Fifteen of the vulnerabilities could allow an attacker to execute malicious code, but no working exploits have been reported for any of the attacks so far.
Three of the remote code execution vulnerabilities lie within Kerberos, a network security component developed by MIT. Apple credits the MIT Media Lab with reporting all three vulnerabilities.
Other fixes were for the Libinfo component and the LoginWindow software, which contained two flaws allowing users to bypass the authentication screen.
Apple's iChat video chat component received a fix for a vulnerability that could allow an attacker to remotely execute code on a user's system through a malformed video chat request.
The update also addresses a vulnerability in AirPort which could allow remote execution in several legacy systems. None of Apple's latest Mac Pro, iMac or MacBook systems is affected by the flaw.
The vulnerability is also unrelated to the pair of flaws patched earlier this month in the 802.11n AirPort systems.
The update is the second largest Apple has issued this year. The company released a security update last month containing 30 patches in 22 applications.
Latest Apple update fixes 25 flaws
By Shaun Nichols on Apr 23, 2007 12:30PM