Apple Computer issued 21 security updates aimed
at addressing problems, or potentially exploitable problems, in its Mac OS X
operating system.
Many of the fixes, available for download at Apple’s Security Update Web site, address potential system crashes and unauthorized
access to files.
For example, one fix addresses the potential for files and folders to be
accessed by outside parties when file sharing is enabled on the server.
Another fix, aimed at Mac OS X Server v10.3.9 and v10.4.7, addresses an
issue related to reconnection after a network outage.
Without this fix, Apple
said it’s possible for an authenticated local user on the network to read
the reconnect keys and access files and folders by impersonating another
user.
The update protects the reconnect keys with file system permissions.
Another security-related update increases the automatically generated
passkey in the Bluetooth Setup Assistant from six to eight characters.
Several security firms helped bring the problems to Apple’s attention.
The company credits Neil Archibald at Suresec in Fairview, N.J.,
for pointing out a problem in the dynamic linker that could give local users
unauthorized access.
Tom Ferris of Security-Protocols
in Mission Viejo, Calif., was credited with identifying how a
maliciously created GIF image could be used to cause an application crash
or arbitrary code execution.
Apple said the updates address all of these issues.
The Macintosh has long had a reputation for being relatively immune to
viruses and hacker attacks, or at least far less affected by them than its
Windows PC counterparts.
But the number of reported incidents has increased noticeably this year.
An Apple security update released in May
addressed 25 separate vulnerabilities.
Security flaws were also discovered in Apple’s iTunes and QuickTime
software, which Apple addressed with an update
back in January.