RealTime IT News

Apple's Patch Slew

Apple Computer released security patches Wednesday to fix 20 vulnerabilities affecting its Mac OS X operating system.

The flaws could be exploited by remote or local attacks and enable the execution of arbitrary commands, Denial-of-Service attacks or elevated privileges, according to the company.

The company recommends that users install Security Update 2005-005 to patch flaws in Apache, AppleScript, Bluetooth, the Finder, the Terminal command-line application and the NetInfo Setup Tool, which contains a buffer overflow that could permit arbitrary code execution.

The flaws also include coding errors that can lead to buffer overflows and execution of code, as well as configuration cock-ups, in which the Bluetooth file exchange service is enabled by default to share files without notifying the user, Apple said.

"Security Update 2005-005 disables Bluetooth file exchange and changes the location of the default transfer directory on systems where the old default directory is set," Apple said. "In addition, new users of a system must now enable Bluetooth file exchange before it is allowed."

Other fixes address a flaw in which a malformed TIFF image could contain parameters that result in image data overwriting, and plug two DoS and code-execution holes in libXpm. The update also provides fixes in Directory Services, sudo, LDAP and Server Admin.

Apple issued a round of fixes in January and another batch of updates just over one month ago, which plugged a dozen flaws in the OS X operating system. Those moves each preceded last week's launch of Tiger, the latest version of Apple's OS.