Apple Plugs Apache, App Flaws
For the second time this month, Apple A "moderately critical" vulnerability in two Apache modules, mod_alias and mod_rewrite, could conceivably give a network user escalated privileges or let them launch a denial-of-service attack Apple also patched an unspecified vulnerability in the SystemConfiguration subsystem that allows network admins to change network settings and system configuration. Unspecified vulnerabilities were also found in the Mac OS X mail application, Safari Web browser, Windows file sharing and in the environment variables area.
Fixes have been issued for Mac OS X versions: 10.3.2 client and server; 10.2.8 client and server; and 10.1.5 client and server and can be found here.
Earlier this month, Apple patched a lower-priority vulnerability in the code that allowed a local user to "crash" SecurityServer by inputting a long password into a keychain. Several applications in Mac OS X cannot operate without SecurityServer, causing a denial of service.
has released security patches to correct vulnerabilities found in several versions of its Mac OS X.