Apple Releases Slew of Security Patches

In a move most frequently made by Microsoft, Apple Computer released security patches Wednesday to fix 20 vulnerabilities affecting its Mac OS X operating system.

While the majority of SMBs use PCs, plenty of you rely on Macs running OS X, especially companies in the graphics, printing, publishing, video production and educational service industries. Those of you that do take heed — OS vulnerabilities are serious security threats.

The flaws could be exploited by remote or local attacks and enable the execution of arbitrary commands, Denial-of-Service attacks or elevated privileges, according to the company.

The company recommends users install Security Update 2005-005 to patch flaws in Apache, AppleScript, Bluetooth, the Finder, the Terminal command line application and the Netinfo Setup Tool, which contains a buffer overflow that could permit arbitrary code execution.

The flaws also include coding errors that can lead to buffer overflows and execution of code, as well as configuration cock-ups, in which the Bluetooth file exchange service is enabled by default to share files without notifying the user, Apple said.

"Security Update 2005-005 disables Bluetooth file exchange and changes the location of the default transfer directory on systems where the old default directory is set," Apple said. "In addition, new users of a system must now enable Bluetooth file exchange before it is allowed."

Other fixes address a malformed TIFF image that could contain parameters to result in image data overwriting, and two DOS and code-execution holes are plugged in libXpm. The update also provides fixes in Directory Services, sudo, LDAP and Server Admin.

Apple issued a round of fixes in January and another batch of updates just over one month ago, which plugged a dozen flaws in the OS X operating system. Those moves each precipitated last week's launch of Tiger, the latest version of Apple's OS.

Adapted from Internetnews.com.