IoT
News
News
6/27/2006
07:28 PM
50%
50%

Apple Fixes Vulnerabilities In OS X Update

The vulnerabilities allow attackers to launch a denial-of-service attack, view the names of files and folders in search results, or execute code with elevated privileges.

Apple Tuesday released Mac OS X version 10.4.7, which fixes several security vulnerabilities that at least one security vendor rated as serious.

Although the issues don't affect OS X versions prior to 10.4., and no exploits have been reported, Symantec assigned its highest severity rating -- 10 out of 10 -- to the vulnerabilities in an advisory issued Tuesday afternoon to subscribers of its DeepSight Threat Management System.

According to the advisory, OS X has a stack-based buffer overflow vulnerability that is triggered when viewing malformed TIFF images, which could give hackers a way to control program execution flow and repeatedly crash a system, resulting in a de facto denial of service attack against authorized users.

A vulnerability affecting OpenLDAP, an open source version of the Lightweight Directory Access Protocol (LDAP), could be used by remote attackers to send invalid requests and crash the service, which would also result in a denial of service scenario.

A flaw in the Apple Filing Protocol (AFP) server could allow unauthorized users to view the names of files and folders in search results, which could cause sensitive information in file and folder names to be compromised.

Finally, a local format-string vulnerability in Launchd, the program-launching mechanism in OS X, could be used by hackers to execute code with elevated privileges, according to the Symantec advisory.

George Swords, marketing manager for PowerMacPac, an Apple reseller in Portland, Ore., hasn't encountered any of the security issues outlined in the Symantec bulletin, but says exploits are possible in any operating system.

"The bottom line is there are always going to be tweaks and updates to any operating system," Swords said. "Having potential security issues fixed before they're exploited is definitely a good thing."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of July 17, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.