[ISN] Apple Mac OS X patch plugs 31 vulnerabilities

From: InfoSec News (alerts@private)
Date: Tue Nov 28 2006 - 22:17:32 PST


http://news.com.com/Apple+Mac+OS+X+patch+plugs+31+vulnerabilities/2100-1002_3-6139117.html

By Joris Evers
Staff Writer, CNET News.com
November 28, 2006

Apple Computer on Tuesday released a security update for Mac OS X to 
repair 31 vulnerabilities, including a zero-day Wi-Fi hijack flaw.

Apple's Security Update 2006-007 includes fixes for flaws in Apple's own 
code as well as third-party components that ship with the Mac OS X 
operating system, such as Perl, PHP and OpenSSL. Several of the 
vulnerabilities could allow full system compromises, according to 
Apple's security alert.

However, Apple's update does not address all publicly known flaws in the 
operating system. Over the past few weeks bug hunters, as part of an 
initiative called the Month of the Kernel Bugs, have published details 
on several new vulnerabilities in Mac OS X. One of those was tagged 
"highly critical" by security-monitoring company Secunia.

"Apple hasn't fixed any of the bugs published during the Month of Kernel 
Bugs, except for the AirPort issue," said "LMH," the code name of the 
security researcher who started the Month of the Kernel Bugs. "Apple 
users are still exposed to any potential risks related to those 
unpatched issues."

The security hole in the AirPort driver software affects Macs that 
shipped with Apple's original AirPort card, Apple said. An attacker 
nearby the computer could commandeer a vulnerable system by sending it a 
malicious network packet, according to Apple's alert.

Other flaws addressed by the Apple update could let Macs be compromised 
through malicious sites, rigged compressed files or malicious font 
files, Apple said. The update also fixes four flaws in the Mac OS X 
Security Framework, the worst of which could crash Macs or display 
expired security certificates as still valid, Apple said.

The Security Update 2006-007 for Mac OS X client and server software is 
available from the Software Update pane in Mac OS System Preferences, or 
Apple's downloads Web site. Apple recommends Mac users install it.


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Tue Nov 28 2006 - 22:29:02 PST