Apple plugged 25 security holes in components of its Mac OS X operating system on Monday, closing remote execution vulnerabilities in its Safari Web browser and the Ruby Web programming language.
The software patch -- the fourth this year for Apple's Mac OS X -- also fixed flaws in the open-source Apache Tomcat Java server, Apple's VPN client, the operating system's screen lock, and the handling of potentially unsafe types of content. While the open-source Apache Tomcat server racked up the most vulnerabilities, the most severe issues affect the Ruby Web programming language, WebKit library for Safari, and Mac OS X core library functions.
"Multiple memory corruption issues exist in Ruby's handling of strings and arrays, the most serious of which may lead to arbitrary code execution," the company stated in its advisory. "This update addresses the issue by performing additional validation of strings and arrays."
The Ruby Project patched the flaws in late June after an Apple engineer found the issues.
Apple patched serious flaws in the Windows version of its Safari Web browser last month. The so-called "carpet-bombing" vulnerability allowed a malicious Web site to save files to a user's desktop. The company released a security guide for Mac OS X 10.5 "Leopard" in early June, offering advice to technically-adept users on locking down the latest version of the Mac OS X.
The most recent update from Apple can be downloaded via the company's update service, accessible through the Apple menu.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos