Mammoth Apple OS X Update Patches 88 Flaws

Apple, in its most recent Security Update 2010-002 as well as Mac OS X version 10.6.3, patched a whopping 88 security flaws within 43 separate constituents of OS X. The flaws allow malware to infect users of OS X or hijack their computers by inducing them to open a specifically crafted file.

Considered as 'critical,' the Mac OS X v10.6.3 update addresses vulnerabilities, which could allow execution of remote code, disclosure of information, and launching of DOS attacks. At times, an attacker could even take total control of a Mac system via making the user to just see a malevolent movie or image file.

The flaws addressed with the update exist in QuickTime, AppKit, CoreTypes, CoreMedia, Image RAW, Image10 and DiskImages. It also addresses the cavities within various open source constituents such as ClamAV, Apache, PHP and MySQL.

Aside this, Apple also patched a flaw in CoreAudio that is related to a problem of memory distortion while handling audio content encoded with QDM2. If users play a malevolently crafted audio piece, it could result in a sudden termination of software or running of malicious code. Apple addresses this problem via better bounds checking.

Furthermore, there existed certain flaw in Wiki Server as well. If a hacker successfully uploaded an especially crafted applet and also tricked a user of Wiki Server into seeing it, a remote hacker could acquire sensitive information. To address the issue, an authentication cookie of one-time employment is needed that is used merely to pull down one particular attachment. The problem solely affects Mac OS X Server machines, while leaves versions 10.6 and later unaffected.

Regarding the released updates, security specialists stated that Apple taking long for setting updates isn't unusual. However, the current update is quite different. One vulnerability among the many covered is CVE-2003-0063 within the X11 constituent. That vulnerability was revealed in February 2003. Yet another security hole within the iChat Server was disclosed back in 2006. Nine more were disclosed in 2008 and thirty in the year 2009. Of all the problems detected, 27 are considered to be potential enough to cause execution of remote code, the specialists added.

Related article: Month Of Apple Bugs Kicks Off

» SPAMfighter News - 4/7/2010