Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Apple patches highly critical holes

Apple patches highly critical holes

by Nikola Strahija on June 12th, 2005 Apple Computer has fixed a number of security holes in Mac OS X, some of which could allow remote attackers to take over a system.


The company has released patches for OS X versions 10.3.9 and 10.4.1, better known as "Panther" and "Tiger".

The most serious one is a flaw in AFP Server's legacy client support that could be used to cause a buffer overflow and execute malicious code. Another bug could let attackers access any file on a Bluetooth-enabled system, using directory traversal attacks via the Bluetooth file and object exchange services.

The patch fixes insecure folder permissions for Dashboard system widgets, a feature criticised by several security experts. The VPN fix addresses a flaw that could be exploited by local users to gain root privileges on VPN servers.

Another fix repairs a flaw in the CoreGraphics Window Server that could be used by console users to gain escalated privileges. A bug in LaunchServices can allow file extensions and MIME types to bypass download security restrictions in some circumstances.
Besides such fixes, which mostly apply to newly disclosed flaws, the patch repairs previously known problems in PHP that could be used to crash or take over a system.

Update number 2005-006 is available from Apple's website or via OS X's automatic updating feature.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »