Apple has [released an extensive security update for Mac OS X][1], including patches for flaws discovered by the [Month of Apple Bugs][2] project. Security Update 2007-004 can be downloaded and installed via Software Update or directly from Apple downloads.
Security Update 2007-004, the fourth such release this year, fixes flaws in the Installer and Help Viewer programs to prevent format string exploits, vulnerabilities [discovered][3] during the Month of Apple Bugs project.
Other fixes include improvements to UFS file system validation to prevent an exploit involving malicious disk image files, and improved error reporting in Libinfo to prevent malicious webpages from executing arbitrary code.
The update also includes a patch that changes the AirPortDriver module to prevent a local user from executing arbitrary code with elevated privileges. For the average OS X user this probably isn't a huge problem, but in corporate or other large IT infrastructures the flaw could be a serious vulnerability.
Along with the AirPort patch, there are two fixes to prevent a user from bypassing the login and screen saver authentication dialogs.
The update is recommended for all Mac OS X users and can be downloaded by selecting the Software Update preference pane in System Preferences.
[1]: http://docs.info.apple.com/article.html?artnum=305391 "About Security Update 2007-004"
[2]: http://projects.info-pull.com/moab/ "Month of Apple Bugs"
[3]: http://projects.info-pull.com/moab/MOAB-30-01-2007.html "Multiple Apple Software Format String Vulnerabilities"