Apple Computer released security patches Wednesday to fix 20 vulnerabilities affecting its Mac OS X operating system. The flaws could be exploited by remote or local attacks and enable the execution of arbitrary commands, Denial-of-Service
The company recommends users install Security Update 2005-005 to patch flaws in Apache, AppleScript, Bluetooth, the Finder, the Terminal command line application and the NetInfo Setup Tool, which contains a buffer overflow that could permit arbitrary code execution.
The flaws also include coding errors that can lead to buffer overflows and execution of code, as well as configuration cock-ups, in which the Bluetooth file exchange service is enabled by default to share files without notifying the user, Apple said.
“Security Update 2005-005 disables Bluetooth file exchange and changes the location of the default transfer directory on systems where the old default directory is set,” Apple said. “In addition, new users of a system must now enable Bluetooth file exchange before it is allowed.”
Other fixes address a malformed TIFF image whose parameters could result in image data overwriting, and plug two DoS and code-execution holes in libXpm. The update also provides fixes in Directory Services, sudo, LDAP and Server Admin.
Apple issued a round of fixes in January and another batch of updates just over one month ago, which plugged a dozen flaws in the OS X operating system. Those moves each precipitated last week’s launch of Tiger, the latest version of Apple’s OS.