Apple releases patches for Jaguar, Panther

By Robert Lemos
Posted on ZDNet News: Apr 6, 2004 7:30:00 PM

Apple released updates for the Panther and Jaguar versions of Mac OS X that fix security issues in the operating systems' printing, mail and encryption capabilities, as well as a critical vulnerability in the handling of Web addresses.

Apple gave little information about the patches, which were published Monday on the company's site. However, information on two of the vulnerabilities could be found at the Web site of the Common Vulnerability Encyclopedia, which is an attempt by Mitre, a systems engineering and information technology research organization, to create a complete database of software flaws.

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

The most critical vulnerabilities, in a common Unix library for the extensible markup language (XML), could allow an attacker to execute code on a victim's computer by sending a long address, also known as a Uniform Resource Locator, or URL.

Apple also fixed two flaws in OpenSSL that made PCs vulnerable to a denial-of-service attack. OpenSSL is the open-source software implementation of the secure sockets layer (SSL) protocol for encrypting communications on the Internet. The software is widely used in networking equipment and on Linux servers.

Apple released little information on the flaws in the Mac OS X's printing capabilities and the system's mail services. The Mac OS X uses its own version of the Common Unix Printing System.

While all four vulnerabilities had listings in the Common Vulnerability Encyclopedia, references to the printing and mail flaws were reserved by Apple and contained no other information.