Mac OS 10.6.7: security patches by the dozen

Stephen Withers
Tuesday, 22 March 2011 16:57

Business IT - Security

There's nothing in Mac OS X 10.6.7 for most people to get excited about - apart from a list of security updates as long as your arm.

Mac OS X 10.6.7 arrived overnight with the usual lack of fanfare.

Recommending it to all Snow Leopard users, Apple merely stated that it "includes general operating system fixes that enhance the stability, compatibility, and security of your Mac, including fixes that: Improve the reliability of Back to My Mac; Resolve an issue when transferring files to certain SMB servers; [and] Address various minor Mac App Store bugs."

But take the trouble to dig a little deeper and you'll find the list of security fixes runs from AirPort to X11, with vulnerabilities addressed in Apple's own code and through the delivery of newer versions of open source components used by Mac OS X.

Issues addressed by 10.6.7 could previously have been exploited to cause denial of service conditions, the execution of arbitrary code, privilege escalation, application termination, and data disclosure. Problem types include divide by zero, format strings, buffer overflows, and cross-site scripting.

They could be exploited by malicious files of several types, including fonts, bzip2 archives, image and videos in various formats, and Microsoft Office documents.

There's even an additional malware detection - see page 2.