Apple published a major software update on Wednesday, fixing at least 40 vulnerabilities in the open-source and proprietary components of the company's Mac OS X operating system.
The update patches eight vulnerabilities in the open-source Apache Web server and seven vulnerabilities in Adobe's Flash Player plug-in. While the Apache flaws amount to, at most, cross-site scripting attacks, the Flash Player flaws could allow a malicious Flash file (SWF) to execute on the victim's system, Apple stated in its security advisory.
The company also fixed five vulnerabilities in its ImageIO component that could allow denial-of-service attacks, information leakage, and in one case, possible code execution. The update also patches two flaws in the kernel that allow both local and remote users to shut down the system. A flaw in the way that the Mac's Mail program handles the Internet's next-generation addressing scheme, IP version 6, could allow remote code execution, Apple stated.
The latest update is the third so far this year for Mac OS X. The company patched more than 100 vulnerabilities in March and has issued several fixes for its popular media player software, QuickTime.
Mac OS X automatically checks for patches and downloads any published fixes. However, concerned users can use the "Software Update..." feature, available under the Apple menu, to install the latest fixes right away.
Posted by: Robert Lemos