Technology news and Jobs 
Information Technology News Security updates for Mac OS X, iPhone
Information Technology News Security updates for Mac OS X, iPhone | Security updates for Mac OS X, iPhone |
|
| by Stephen Withers | |
| Wednesday, 01 August 2007 | |
|
Page 1 of 2       
Depending on the version of Mac OS X (10.3.9 or 10.4.10, and client or server), the update patches a variety of components including bzip2, CFNetwork, Core Audio, cscope, gnuzip, iChat, Kerberos, mDNSResponder, PDFKit, PHP, Quartz Composer, samba, SquirrelMail, Tomcat, WebKit, and WebCore. Many of the vulnerabilities addressed allow the execution of arbitrary code (eg, when visiting a web site, opening a file with a maliciously crafted name, opening a maliciously crafted PDF file, or simply by receiving malicious network packets), so Apple recommends the update for all users. Many of the changes are in open source projects used by Mac OS X. One example is the update to Samba, which provides the Mac's Windows Sharing capability. Back in May, Symantec's security response team criticised Apple for not including an updated version of Samba in Security Update 2007-005: "The DeepSight Threat Analyst Team has suggested that all Mac OS X users using Windows Sharing disable the functionality until an associated Security Update is released or the 3.0.25 source code can be used to install the update version." The issue was relatively serious. As Apple puts it, "By sending maliciously crafted MS-RPC requests [to the Samba daemon], a remote attacker can trigger the overflow which may lead to arbitrary code execution." The updates may be downloaded via Software Update or from Apple's web site. |
| < Next story in category | Previous story in the category > |
|---|
