Version: 2008
  • On MovieTome: The 10 worst movies of 2009 so far!

November 30, 2005 8:02 AM PST

Apple releases OS X security patches

By Dawn Kawamoto
Staff Writer, CNET News

  • 110 comments
Related Stories

Apple plugs 'critical' holes in OS X

 September 23, 2005

Apple fixes Java flaws in Mac OS

 September 14, 2005

Apple fixes broken OS X patch

 August 19, 2005
Apple Computer has issued "highly critical" security updates to address more than a dozen vulnerabilities in its Mac OS X operating system.

Apple released on Tuesday security patches for Mac OS X 10.4.3, otherwise known as Tiger, as well as Mac OS X 10.3.9, dubbed Panther, according to the company's advisory.

Thirteen security flaws were found in areas related to the Apache 2 Web server, curl technology and the Safari browser. The vulnerabilities ranged from potentially letting an attacker launch a denial-of-service attack to taking control of a person's system remotely.

"The most severe of these are the vulnerabilities found in curl and the PCRE library used by Safari," said Thomas Kristensen, chief technology officer for security site Secunia, which rated Apple's updates as "highly critical"--the second-highest danger ranking.

A large number of applications could be affected by the vulnerability in the PCRE library used by Safari's JavaScript engine, Kristensen said. People who inadvertently click on a malicious Web site with their Safari browser could find the flaw exploited, leading to a remote execution of code on their system.

A flaw in Apple's curl technology, which is a library frequently used to download large files and pass them along, could be exploited if visiting a malicious Web site. The site, once detecting curl technology is present on a user's system, can take advantage of the security flaw, Kristensen said. That could result to a remote execution of code on a computer.

One security flaw addressed in the update involves a boundary error found in WebKit. This marks the second time in four months that Apple has addressed a flaw in WebKit, Kristensen said.

This latest flaw could let an attacker launch a buffer overflow, or denial of service attack, that could also lead to a remote execution of code and control of a person's system. The earlier flaw in WebKit dealt with the handling of PDF documents.

The new Mac OS X patches follow one issued earlier this month by Apple to address vulnerabilities in four areas of its operating system.

Apple was not available for immediate comment.

See more CNET content tagged:
security flaw, Apple Mac OS X, flaw, vulnerability, Apple Safari

Add a Comment (Log in or register) (110 Comments) (110 Comments)
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Apple (-1.76%) -3.60 200.59
Dow Jones Industrials (-1.48%) -154.48 10,309.92
S&P 500 (-1.72%) -19.14 1,091.49
NASDAQ (-1.73%) -37.61 2,138.44
CNET TECH (-1.49%) -23.73 1,570.23
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET