Average Rating: Rate this article:

Apple Plugs Critical OS X Vulnerabilities By Elizabeth Millard September 26, 2005 8:59AM     By crafting a corrupt GIF image, an attacker could trigger a buffer overflow in ImageIO, a Java tool used to display images, resulting in the ability of the attacker to execute arbitrary code on the targeted machine. Several components of OS X use ImageIO, including WebCore and the Safari browser.   Related Topics mac os x security Latest News Plasma-TV Ban Could Be Costly Barnes & Noble Nook Is Delayed Flat PC Shipments Hurt Dell's Stock Ballmer Says Windows 7 Sales Good New Pogoplug 'Cloud' Gets Social Apple Computer has issued fixes for 10 security holes that have been rated as "critical" by security firms. The patches, which are available through Apple's Web site, fix vulnerabilities in versions 10.3.9 and 10.4.2 of the company's Mac OS X operating system. Although no exploits have been reported as of yet, both Symantec and the French Security Incident Response Team have noted that the flaws are serious and that users with those systems should apply the patches immediately. Patch Work With the vulnerabilities, machines running the affected systems could be targets for remote attack, which could be done with images sent through e-mail, Apple has noted. For example, by crafting a corrupt GIF image, an attacker could trigger a buffer overflow in ImageIO, a Java tool used to display images, resulting in the ability of the attacker to execute arbitrary code on the targeted machine. Several components of OS X use ImageIO, including WebCore and the Safari browser. Other areas of the system that have been fixed include Ruby, QuickDraw Manager, QuickTime for Java and SecurityAgent. A flaw in the system's Authorization Services would have allowed unprivileged users to grant certain rights usually restricted to administrators, Apple noted. With admin privileges, malicious users could manipulate files or perform other actions remotely. System Error The discovery of critical flaws in OS X is not surprising, said Sophos senior technology consultant Graham Cluley. "Any complicated operating system is likely to have bugs, and Apple is not immune," he noted. "What's important for users to know is that they should patch right now, even if there are no actual threats exploiting these flaws." Even though the vulnerabilities are critical, the actual threat is minimal because there is very little malware written for the Mac OS, said Cluley. Virus and worm writers tend to focus on Microsoft 's operating systems because they can infect more users that way. But the discovery of flaws in OS X is a heads-up that no company is completely safe, Cluley added. "It's a useful reminder that Microsoft isn't the only one that has vulnerabilities," he said.   Advertisement  Software 1.   FAA Glitch Causes Air Travel Delays 2.   Call of Duty Is Setting Records 3.   MS Told To Stop Some Windows Sales 4.   Peer-to-Peer Software Ban Sought 5.   Better Maps, Made by Volunteers Windows 7: More Secure, More Fun New OS can make users' lives easier. Average Rating: FAA Glitch Causes Air Travel Delays Computer software malfunction cited. Average Rating: Better Maps, Made by Volunteers Companies rely on locals with GPS. Average Rating:

Product Information and Resources for Technology You Can Use To Boost Your Business CRM Systems   Experience CRM—and Business—Success today with Salesforce.com. Contact Centers   Run Your Entire Contact Center in the Cloud with LiveOps Enterprise Hardware   Go Green with IBM Blade Center    Enterprise I.T.    Rackspace: It makes a difference when you focus on support.   Go Green with IBM Blade Center   APC introduces server room in a box solutions!   Tell us what you think. Take a survey.   Find out how much you can save with the SQL Server value tool.   See how AT&T can help protect your network. Enterprise Software   Read the Top 10 Reasons to Upgrade to Windows Server 2008 R2. Microsoft/Windows   Rackspace: It makes a difference when you focus on support   Read the Top 10 Reasons to Upgrade to Windows Server 2008 R2. Network Security   See how AT&T can help protect your network.

Network Security Spotlight

House Lawmakers Push Ban on Peer-to-Peer Software Stung by an embarrassing electronic leak revealing ethics investigations into dozens of lawmakers, Congress moved to prohibit federal employees from using the file-sharing software blamed for the disclosure.   GAO: Los Alamos Computer Security Has Weaknesses Security weaknesses uncovered in Los Alamos National Laboratory's computer network increase the risk of a classified-information breach, says the Government Accountability Office.   Computer Security Firm Fortinet Plans IPO This Week Fortinet plans to go public in an initial public offering, giving investors a chance to tap a network security provider with sales that are expected to grow. The IPO could be valued at $137.5 million or more.

Enterprise Hardware Spotlight

Flat Shipments Hurt Dell Despite Increased Earnings Dell's earnings are up and expectations are solid, but the company's stock still took a hit after analysts signaled the company isn't playing a key role in the PC market recovery.   New Pogoplug 'Personal Cloud' Does Social Networking Cloud Engines has released its newest version of the Pogoplug, a small "multimedia sharing device" that connects hard drives to the Internet and allows a user to access the files remotely.   Apple Tablet Rumored Delayed as Publisher Gears Up There have been so many rumors of an Apple tablet that it has taken on legendary status. But now the legend is being revised with reports of a delay and that a major publisher is getting ready.

Enterprise Technology Spotlight

Flat Shipments Hurt Dell Despite Increased Earnings Dell's earnings are up and expectations are solid, but the company's stock still took a hit after analysts signaled the company isn't playing a key role in the PC market recovery.   Smartphones: A Bigger Target for Security Threats Smartphones are increasingly prevalent and adept at handling more tasks, including trading stocks, paying bills, and buying stuff online. That makes them attractive to thieves and hackers.   FBI Says Hackers Targeting Law Firms, PR Companies Hackers are targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients.

Navigation NewsFactor Network Home/Top News | Enterprise I.T. | Hardware | Software | Communications | Network Security | Wireless Tech | Linux/Open Source Apple/Macintosh | Microsoft/Windows | World Wide Web | Data Storage | E-Commerce | Personal Tech | Tech Trends | Press Releases NewsFactor Network Enterprise I.T. Sites NewsFactor Technology News | Enterprise Security Today | CRM Daily NewsFactor Business and Innovation Sites Sci-Tech Today | NewsFactor Business Report NewsFactor Services FreeNewsFeed | Free Newsletters | Free Whitepapers | About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise Privacy Policy | Terms of Service © Copyright 2000-2009 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo.