Apple patch tackles two dozen Mac OS vulnerabilitiesApple Inc. on Thursday plugged over two dozen security exploits within the client and server versions of its Mac OS X 10.3 "Panther" and Mac OS X 10.4 "Tiger" operating systems that could potentially expose Mac users to a variety of malicious attacks.
For Mac OS X 10.4.9
A version of the software update for systems running Mac OS X 10.4.9 — labeled Security Update 2007-004 — does away with vulnerabilities affecting AFP Client, AirPort, CarbonCore, diskdev_cmds, fetchmail, ftpd, gnutar, Help Viewer, HID Family, Installer, Kerberos, Libinfo, Login Window, network_cmds, SMB, System Configuration, URLMount, Video Conference and WebDAV.
The patch is available as a 16.1MB download for Macs running the Intel version of Mac OS X 10.4.9 client version and as a 9.3MB download for those machines running the PowerPC version of the OS.
For Mac OS X 10.3.9
Apple has also made a version of the security update available for systems running the most recent point release of its previous-generation Mac OS X 10.3 "Panther" software. That release dismantles exploits in AFP Client, AirPort, diskdev_cmds, fetchmail, ftpd, Help Viewer, Kerberos, Libinfo, Login Window, network_cmds, SMB, System Configuration, URLMount, Video Conference, WebDAV and WebFoundation.
Users of 10.3.9 can download a 37.6MB updater for the client version of the software or a 54.1MB updater for its server counterpart.
For the most part, the vulnerabilities addressed by the Mac maker's latest security update could translate into denial of service attack, unexpected application termination, or arbitrary code execution. However, Apple made note of several more critical issues that could allow malicious users to gain elevated system privileges through AFP Client, Airport, CarbonCore, Kerberos, WebDav and the Mac OS X Login Window.
The Cupertino-based company also addressed two other significant shortcomings of the Login Window. The first, resulting from insufficient checks of environmental variables, could allow local user to obtain system privileges and execute arbitrary code. The other, meanwhile, would at times allow the screen saver authentication dialog to be bypassed without entering a password even when a user had set his or her preference to "require a password to wake the computer from sleep."
On Topic: General
- Best Buy slashes $100 off iPad Air 2 (from $399), $200 off MacBook Pro with CD/DVD ($899), $150 off iMacs (from $899)
- Natalie Portman rumored for troubled Steve Jobs biopic
- Judge rules Apple entitled to potential ongoing royalties from patent-infringing Samsung products
- Union pushes Apple for better treatment of campus security guards
- More secrets could come from GT Advanced bankruptcy as Apple divulges details to creditors