Apple’s Patch Slew

Apple Computer released security patches Wednesday to fix 20 vulnerabilities affecting its Mac OS X operating system.

The flaws could be exploited by remote or local attacks and enable the execution of arbitrary commands, Denial-of-Service attacks or elevated privileges, according to the company.

The company recommends users install Security Update 2005-005 to patch flaws in Apache, AppleScript, Bluetooth, the Finder, the Terminal command line application and the NetInfo Setup Tool, which contains a buffer overflow that could permit arbitrary code execution.

The flaws also include coding errors that can lead to buffer overflows and execution of code, as well as configuration cock-ups, in which the Bluetooth file exchange service is enabled by default to share files without notifying the user, Apple said.

“Security Update 2005-005 disables Bluetooth file exchange and changes the location of the default transfer directory on systems where the old default directory is set,” Apple said. “In addition, new users of a system must now enable Bluetooth file exchange before it is allowed.”

Other fixes address a flaw in which a malformed TIFF image could contain parameters that result in image data being overwritten, and two DoS and code-execution holes are plugged in libXpm. The update also provides fixes in Directory Services, sudo, LDAP and Server Admin.

Apple issued a round of fixes in January and another batch of updates just over one month ago, which plugged a dozen flaws in the OS X operating system. Both moves preceded last week’s launch of Tiger, the latest version of Apple’s OS.
