Apple Patches 21 Security Glitches
Latest Apple patch haul includes some late fixes for Adobe Flash.
Apple is updating Mac OS X to version 10.5.6 with a security update that fixes at least 21 security vulnerabilities, ranging from a kernel fix to an update for Adobe Flash Player.
US-CERT has issued a Technical Cyber Security Alert on the National Cyber Alert System warning about the severity of the Apple issues.
The US-CERT warning said attackers could exploit the vulnerabilities to "execute arbitrary code, gain access to sensitive information, or cause a denial of service."
The Flash Player update for Apple comes after Adobe already updated Flash Player for Windows users.
Among the issues fixed by Adobe is one that prevents a potential clickjacking attack. Clickjacking is a new type of attack vector whereby a user unintentionally clicks on a button or object that is hidden underneath a legitimate object.
The Flash Player update isn't the only Adobe-related fix in the Mac 10.5.6 update. Apple Type Services (ATS) gets an update to address the way it handles fonts embedded in a PDF file. Adobe originated the PDF file format.
"An infinite loop may occur in the Apple Type Services server's handling of embedded fonts in PDF files," Apple stated in its advisory. "Viewing or downloading a PDF file containing a maliciously crafted embedded font may lead to a denial of service."
The 10.5.6 update fixes the issue with additional validation of embedded fonts to ensure integrity.