Stephen Withers
Wednesday, 14 March 2007 09:00
As for security, the updates cover around four dozen issues, several of which were highlighted during the Month of Apple Bugs (MoAB) or the Month of Kernel Bugs (MoKB).
Malformed-file vulnerabilities (which can cause crashes or allow the execution of arbitrary code) are prominent, with fixes in ColorSync, CoreGraphics (for the malformed PDF exploit from MoAB), Disk Image handling (multiple flaws, some of which appeared in MoAB or MoKB), ImageIO (malformed GIF and RAW images), QuickDraw (PICT images) and Software Update (MoAB again).
The CrashReporter privilege escalation vulnerability (another MoAB issue) has been fixed, and the printer initialisation process no longer provides an opportunity for a malicious user to create or overwrite arbitrary files.
CUPS (denial of service attack), Directory Services ("An implementation flaw in DirectoryService allows an unprivileged LDAP user to change the local root password"), a pair of AppleTalk issues (identified during MoKB and MoAB), Server Manager (flawed user validation) and an Apple-specific Samba module (buffer overflow vulnerability) have all been updated.
IOKit has been changed to prevent one logged-in user from capturing another's keystrokes.
Kernel changes reduce the risk of deliberately caused kernel panics, privilege elevation, and denials of service (more MoKB issues).
Some non-Apple security updates are part of the package, namely Adobe Flash Player 9.0.28.0, GNU Tar 1.16.1 (archiving utility), MySQL Server 4.1.22, OpenSSH 4.5, sudo 1.6.8p12, and Blojsom (Mac OS X Server only).
What about Mac OS X Server?