For the second time this month, Apple
has released security patches to correct vulnerabilities found in several versions of its Mac OS X.
A “moderately critical” vulnerability in two Apache modules, mod_alias and mod_rewrite, could conceivably give a network user escalated privileges or let them launch a denial-of-service attack
saying it was not “handled properly.”
Apple also patched an unspecified vulnerability in the SystemConfiguration subsystem that allows network admins to change network settings and system configuration. Unspecified vulnerabilities were also found in the Mac OS X mail application, Safari Web browser, Windows file sharing and in the environment variables area.
Fixes have been issued for Mac OS X versions: 10.3.2 client and server; 10.2.8 client and server; and 10.1.5 client and server and can be found here.
Earlier this month, Apple patched a lower-priority vulnerability in the code that allowed a local user to “crash” SecurityServer by inputting a long password into a keychain. Several applications in Mac OS X cannot operate without SecurityServer, causing a denial of service.