List: isn
Subject: [ISN] Apple Mac OS X patch plugs 31 vulnerabilities
From: InfoSec News <alerts () infosecnews ! org>
Date: 2006-11-29 6:17:32
Message-ID: Pine.LNX.4.61.0611290017240.12949 () conundrum ! infosecnews ! org
http://news.com.com/Apple+Mac+OS+X+patch+plugs+31+vulnerabilities/2100-1002_3-6139117.html

By Joris Evers
Staff Writer, CNET News.com
November 28, 2006

Apple Computer on Tuesday released a security update for Mac OS X to
repair 31 vulnerabilities, including a zero-day Wi-Fi hijack flaw.

Apple's Security Update 2006-007 includes fixes for flaws in Apple's own
code as well as third-party components that ship with the Mac OS X
operating system, such as Perl, PHP and OpenSSL. Several of the
vulnerabilities could allow full system compromises, according to
Apple's security alert.

However, Apple's update does not address all publicly known flaws in the
operating system. Over the past few weeks bug hunters, as part of an
initiative called the Month of the Kernel Bugs, have published details
on several new vulnerabilities in Mac OS X. One of those was tagged
"highly critical" by security-monitoring company Secunia.

"Apple hasn't fixed any of the bugs published during the Month of Kernel
Bugs, except for the AirPort issue," said "LMH," the code name of the
security researcher who started the Month of the Kernel Bugs. "Apple
users are still exposed to any potential risks related to those
unpatched issues."

The security hole in the AirPort driver software affects Macs that
shipped with Apple's original AirPort card, Apple said. An attacker
nearby the computer could commandeer a vulnerable system by sending it a
malicious network packet, according to Apple's alert.

Other flaws addressed by the Apple update could let Macs be compromised
through malicious sites, rigged compressed files or malicious font
files, Apple said. The update also fixes four flaws in the Mac OS X
Security Framework, the worst of which could crash Macs or display
expired security certificates as still valid, Apple said.

The Security Update 2006-007 for Mac OS X client and server software is
available from the Software Update pane in Mac OS System Preferences, or
Apple's downloads Web site. Apple recommends Mac users install it.

_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn