Apple Releases Slew of Security Patches

By Tim Gray | Posted May 05, 2005
  • Print Article
  • Email Article

In a move most frequently made by Microsoft, Apple Computer released security patches Wednesday to fix 20 vulnerabilities affecting its Mac OS X operating system.

While the majority of SMBs use PCs, plenty of you rely on Macs running OS X, especially companies in the graphics, printing, publishing, video production and educational service industries. Those of you that do take heed — OS vulnerabilities are serious security threats.

The flaws could be exploited by remote or local attacks and enable the execution of arbitrary commands, Denial-of-Service attacks or elevated privileges, according to the company.

The company recommends users install Security Update 2005-005 to patch flaws in Apache, AppleScript, Bluetooth, the Finder, the Terminal command line application and the Netinfo Setup Tool, which contains a buffer overflow that could permit arbitrary code execution.

The flaws also include coding errors that can lead to buffer overflows and execution of code, as well as configuration cock-ups, in which the Bluetooth file exchange service is enabled by default to share files without notifying the user, Apple said.

"Security Update 2005-005 disables Bluetooth file exchange and changes the location of the default transfer directory on systems where the old default directory is set," Apple said. "In addition, new users of a system must now enable Bluetooth file exchange before it is allowed."

Other fixes address a malformed TIFF image that could contain parameters to result in image data overwriting, and two DOS and code-execution holes are plugged in libXpm. The update also provides fixes in Directory Services, sudo, LDAP and Server Admin.

Apple issued a round of fixes in January and another batch of updates just over one month ago, which plugged a dozen flaws in the OS X operating system. Those moves each precipitated last week's launch of Tiger, the latest version of Apple's OS.

Adapted from Internetnews.com.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

Get free tips, news and advice on how to make technology work harder for your business.

Learn more
You have successfully registered to
Enterprise Apps Daily Newsletter
Thanks for your registration