has rolled out a major security update
to fix several vulnerabilities in its flagship Mac OS X Panther client
The patch, which is rated “highly critical” by security research firm
Secunia, addresses security flaws that put Mac OS X users at risk of
sensitive data leakage, Denial of Service attacks and system access.
According to an Apple advisory,
the Mac OS X 10.3.5 update corrects multiple vulnerabilities
in libpng that can be exploited by malicious hackers to compromise a user’s
The U.S. government’s Computer Emergency Readiness Team (US-CERT) has
previously issued a warning
that bugs in libpng, the reference library that supports the Portable
Network Graphics (PNG) image format, could allow a remote attacker to
commandeer a vulnerable machine.
The upgrade also includes improved support for NTFS formatted
volumes; updates for ATI and NVIDIA graphics drivers; updated Mail and Image
Capture applications; and improved compatibility for third-party
applications, Apple said.
Also patched are specific vulnerabilities in Apple’s Safari
Web browser. The upgrade plugs a hole that could open the
door to phishing attacks and addresses a flaw that could be used
by a malicious Web site to steal sensitive information from forms.