Four of the bugs are in Flash, the Adobe-sold animation player bundled with Mac OS X.
Apple Computer Inc. on Friday updated MacOS X 10.4 to patch 15 vulnerabilities in the operating system and bundled software that can let attackers run malicious code, crash the computer, or gain unauthorized access to the machine.
According to the alert that Apple released alongside the update, more than half of the fixed flaws can lead to "arbitrary code execution." In plain English, that means a hacker could hijack the Mac and install his own software on the system. Four of the bugs are in Flash, the Adobe-sold animation player bundled with Mac OS X.
A vulnerability in Safari, Apple's Web browser, could let malicious sites pose as trustworthy URLs with SSL (Secure Sockets Layer) indicators, said the alert, while in another, a specially-crafted JPEG2000 image could be used to trigger a buffer overflow to compromise the computer.
One of the more dangerous vulnerabilities outlined by Apple is a memory management error in WebKit's handling of certain HTML. Simply viewing a malicious Web site could result in a hacked Mac. WebKit is Apple's version of the open-source browser engine used by Safari and other OS X components, including Mail and the Dashboard.
The update -- as well as a similar security update for users of Mac OS X 10.3 (Panther) that includes only 8 patches -- can be downloaded from the Apple Web site, or retrieved using the operating system's own auto update tool.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.