Modernizing Authentication — What It Takes to Transform Secure Access
has rolled out a major security update
to fix several vulnerabilities in its flagship Mac OS X Panther client
The patch, which is rated "highly critical" by security research firm Secunia, addresses security flaws that put Mac OS X users at risk of sensitive data leakage, Denial of Service attacks and system access.
According to an Apple advisory, the Mac OS X 10.3.5 update corrects multiple vulnerabilities in libpng that can be exploited by malicious hackers to compromise a user's system.
The U.S. government's Computer Emergency Readiness Team (US-CERT) has previously issued a warning that bugs in libpng, the reference library that supports the Portable Network Graphics (PNG) image format, could allow a remote attacker to commandeer a vulnerable machine.
The upgrade also includes improved support for NTFS formatted volumes; updates for ATI and NVIDIA graphics drivers; updated Mail and Image Capture applications; and improved compatibility for third-party applications, Apple said.
Also patched are specific vulnerabilities in Apple's Safari Web browser. The upgrade plugs a hole that could open the door to phishing attacks and addresses a flaw that could be used by a malicious Web site to steal sensitive information from forms.