Apple Plugs Panther, Jaguar Holes

Apple Computer has issued a security fix for vulnerabilities in its Mac OS X operating system.

The Cupertino, Calif., company pushed out an update to Mac OS X 10.2.8 to plug holes in OpenSSL, the open-source toolkit for SSL .

Two brief alerts from Apple said the OpenSSL flaw, first
detected in October, was patched along with vulnerabilities in mail with CRAM-MD5 authentication and QuickTime for Java.

Security consultants Secunia described the flaws a “moderately critical” and warned that exploitation could lead to denial-of-service attacks .

The patch for Mac OS X, codenamed Jaguar, also included fixes for flaws in personal file sharing and the other functions of the operating system.

Apple also issued an update for the Mac OS X 10.3.1 Client and Servers Software (codenamed Panther) to fix the OpenSSL issue.

Panther builds on Jaguar’s success as a UNIX-based platform with additional compatibility with new technologies. The current operating system has found new converts ranging from dyed-in-the-wool Windows users to UNIX users.

Panther is Apple’s big push in the enterprise market. It comes with a Server Admin tool that allows IT admins to set up and manage the open source software built into Mac OS X. It also includes Open Directory 2 for hosting scalable LDAP directory and Kerberos authentication services, Samba 3 for providing login and home directory support for Windows clients, and the
JBoss application server.

It’s not the first time the Cupertino, Calif.-based Apple has had to address serious security holes in its flagship operating system. Earlier this year, Apple patched
seven security flaws that put users at the risk of system access attacks.