Apple Patches 21 Security Glitches

Download our in-depth report: The Ultimate Guide to IT Security Vendors

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  

Apple is updating its Mac OS X to version 10.5.6 with a security patch update that fixes at least 21 security vulnerabilities ranging from a kernel fix to an update for Adobe Flash Player.

US-CERT has issued a Technical Cyber Security Alert on the National Cyber Alert System warning about the severity of the Apple issues.

The US-CERT warning said attackers could exploit the vulnerabilities to "execute arbitrary code, gain access to sensitive information, or cause a denial of service."

Among the fixes is an updated Adobe Flash Player to protect against multiple issues.

The Flash Player update for Apple comes after Adobe already updated Flash Player for Windows users.

Among the issues fixed by Adobe is one that prevents a potential clickjacking attack. Clickjacking is a new type of attack vector whereby a user unintentionally clicks on a button or object that is hidden underneath a legitimate object.

The Flash Player update isn't the only Adobe related fix in the Mac 10.5.6 update. Apple Type Server (ATS) gets an update to address the way it handles fonts embedded in a PDF file. Adobe originated the PDF file format.

"An infinite loop may occur in the Apple Type Services server's handling of embedded fonts in PDF files," Apple stated in its advisory. "Viewing or downloading a PDF file containing a maliciously crafted embedded font may lead to a denial of service."

The 10.5.6 update fixes the issue with additional validation of embedded fonts to ensure integrity.

This article was first published on InternetNews.com. To read the full article, click here.

Submit a Comment

Loading Comments...