Jump to content
  • Who's Online   0 Members, 0 Anonymous, 16 Guests (See full list)

    • There are no registered users currently online

43 Flaws Fixed in Mac OS X

The Highlander

Recommended Posts


Apple Computer's security update train rumbled into the station late May 11 with fixes for a whopping 43 Mac OS X and QuickTime vulnerabilities.

The company's Security Update 2006-003 patches 31 flaws in the Mac OS X, most of them serious enough to cause "arbitrary code execution attacks."


Apple also shipped QuickTime 7.1 as a major security overhaul to correct 12 code execution and denial-of-service flaws.


The Mac OS X mega update includes patches for Apple's flagship Safari browser and Mail client.



According to the advisory, the Safari fix covers a flaw that could allow file manipulation or code execution if a user is lured to a maliciously rigged Web site.


In Mail, Apple said the bug could allow harmful code execution if a user is tricked into viewing a malicious e-mail message.


To read more about QuickTime code execution flaws, click here.


"By preparing a specially crafted e-mail message with MacMIME encapsulated attachments, an attacker may trigger an integer overflow. This may lead to arbitrary code execution with the privileges of the user running Mail," the company said.

The Mac OS X update also fixes code execution vulnerabilities in AppKit, ImageIO, BOM, CFNetwork, ClamAV, CoreFoundation, Finder, FTPServer, FlashPlayer, LaunchServices, libcurl, Preview, QuickDraw and QuickTime Streaming Server.


In the QuickTime 7.1 update, Apple ships 12 fixes for "application crash or arbitrary code execution" vulnerabilities.


The QuickTime bugs can allow a malicious hacker to launch successful attacks using different vectors; a specially crafted JPEG image; rigged QuickTime movies; specially created Flash, MPEG4 or H.264 movies; or maliciously crafted FlashPiX or BMP images.


(Full artical here)

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...