By Dawn Kawamoto
Posted on ZDNet News: May 4, 2005 2:29:00 PM

Apple Computer on Tuesday released 20 patches for its OS X operating system designed to fix flaws that could catch users off-guard.

The vulnerabilities apply to Mac OS X v10.3.9 and Mac OS X Server 10.3.9, according to Apple's advisory. The announcement comes roughly a month after Apple issued nearly a dozen patches for its Mac OS.

The advisory also falls just days after Apple's much-ballyhooed release of the latest version of its operating system, Mac OS X 10.4, widely known as Tiger. The flaws were already addressed in Tiger, so the patches apply only to the previous version, known as Panther.

Security company Secunia on Wednesday rated Apple's OS X flaws as "highly critical." Among the flaws of greatest concern is a vulnerability in the OS X AppKit that relates to the handling of TIFF graphics files.

"If people view a malicious TIFF, it could result in running arbitrary code," said Thomas Kristensen, chief technology officer for Secunia. "TIFF is usually viewed as a safe form to view things, so this makes it more critical."

Another issue of concern is an AppleScript flaw. If users visit a Web site and accept AppleScript from that site, they could find it executing different code than they had expected, Kristensen added.

A flaw affecting the Apache Web server, meanwhile, could allow a buffer overflow in the htdigest program, which, if used improperly in a CGI application, could in turn allow a remote system attack.

Secunia downplayed the Apache flaw.

"Apache is an important bug fix, but it would be unusually difficult to exploit and it would need an unusual configuration," said Thomas Kristensen, chief technology officer for Secunia.

Two vulnerabilities were also found in the operating system's Bluetooth wireless capabilities. One could allow files to be shared without properly notifying the user, while another could be used by a malicious attacker to access files outside the default file exchange directory via the Bluetooth file and object exchange services.

Another flaw could allow directory services to be altered to give privileges to someone who is unauthorized to have them, according to the advisory.

Apple's OS X patch announcement also includes fixes for Finder, Foundation, Help Viewer, LDAP, libXpm, lukemftpd, NetInfo, Server Admin, sudo, Terminal and VPN.

Apple has no fixed schedule for issuing patches. By contrast, Microsoft in late 2003 moved to a monthly release of security fixes, and Oracle has adopted a similar practice, but on a quarterly basis.
