02:12 PM

Apple Misses Bugs, Offers Fix

Apple is sending out its second security update for Mac OS X in as many weeks, including follow-up fixes to bugs thought to have been patched on March 1st.

Apple Computer on Monday released its second security update for Mac OS X in as many weeks, including follow-up fixes to bugs thought to have been patched on March 1.

Security Update 2006-002 corrects three problems that the earlier update missed for the Safari browser and other components, and also patches two new vulnerabilities, one in the Mail client. If not fixed, the Mail bug could give attackers a way to run their code on Macs.

The first day of this month, Apple issued a much larger update that plugged 17 security holes in the Mac OS X and bundled applications, including a zero-day vulnerability that could let attackers hijack machines using "drive-by download" tactics.

2006-002 patches drive-by download vulnerabilities that Apple missed. "This update provides additional checks to identify variations of the malicious file types addressed in Security Update 2006-001 so that they are not automatically opened," Apple said in the advisory.

Errors in the previous update's fixes for an Apache PHP script language bug and a flaw in the "rsync" file transfer utility have also been corrected, said Apple.

Of the two new vulnerabilities, the Mail bug is the most serious. It could allow attackers armed with specially-crafted messages and attachments to create a buffer overflow on a Mac, which in turn might let the hacker install other code, such as a Trojanized bot or backdoor, on the machine. End result: hijacked Mac.

The other involves how Mac OS X handles documents containing JavaScript: attackers could create a malicious file and stick it on a Web site. When opened, the document could bypass certain security restrictions.

Danish vulnerability tracker Secunia lumped the five bugs under an "extremely critical" rating, its highest.

Separate downloads are available on Apple Downloads for Mac OS X 10.3.9 (Panther) clients and servers, as well as Mac OS X 10.4.5 (Tiger) Intel and PowerPC clients. Mac users who have Software Update enabled will automatically receive the update.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of September 25, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.