Apple releases OS X security patches

Apple released on Tuesday security patches for Mac OS X 10.4.3, otherwise known as Tiger, as well as Mac OS X 10.3.9, dubbed Panther, according to the company's advisory.

Thirteen security flaws were found in areas related to the Apache 2 Web server, curl technology and the Safari browser. The vulnerabilities ranged from potentially letting an attacker launch a denial-of-service attack to taking control of a person's system remotely.

"The most severe of these are the vulnerabilities found in curl and the PCRE library used by Safari," said Thomas Kristensen, chief technology officer for security site Secunia, which rated Apple's updates as "highly critical" -- the second-highest danger ranking.

A large number of applications could be affected by the vulnerability in the PCRE library used by Safari's JavaScript engine, Kristensen said. People who inadvertently click on a malicious Web site with their Safari browser could find the flaw exploited, leading to a remote execution of code on their system.

A flaw in Apple's curl technology, which is a library frequently used to download large files and pass them along, could be exploited if visiting a malicious Web site. The site, once detecting curl technology is present on a user's system, can take advantage of the security flaw, Kristensen said. That could result to a remote execution of code on a computer.

One security flaw addressed in the update involves a boundary error found in WebKit. This marks the second time in four months that Apple has addressed a flaw in WebKit, Kristensen said.

This latest flaw could let an attacker launch a buffer overflow, or denial of service attack, that could also lead to a remote execution of code and control of a person's system. The earlier flaw in WebKit dealt with the handling of PDF documents.

The new Mac OS X patches follow one issued earlier this month by Apple to address vulnerabilities in four areas of its operating system.

Apple was not available for immediate comment.

• Related stories

• Alerts

Add your opinion

12 Vulnerabilities is hardly a 'Plague' Noah Burton Greenstone -- 01/12/05 (in reply to #120124049)

If this article is not biased I don't know what is...I wonder if ZDNet was paid by Microsoft to publish this one? With the plethora of Highly critical updates issed regularly for Windows OS, making an example of 12 Mac vulnberabilities is says a lot about the discrimination and bias by Windows PC evangelists.

• Reply to comment
• Report offensive content

Wrong Anonymous -- 04/12/05 (in reply to #120124050)

What it does say is that every OS has issues. Many if not all mac fans say it's rock solid secure and laugh at Windows and won't admit it has flaws, so for it to have a high number of issues is a plague. Same deal with Linux, those supporters blindly claim it's the most secure thing out there, but the flaws for it roll out just as much if not more than Windows every month, problem is it isn't a huge news item like for Windows and so it seems 'unnoticed'.

• Reply to comment
• Report offensive content

• Just In

• Most Popular

• Most Discussed

Reader Services

Popular Topics

Essentials