Apple Plugs Critical OS X Vulnerabilities
By Elizabeth Millard
September 26, 2005 8:59AM

Apple Computer has issued fixes for 10 security holes that have been rated as "critical" by security firms.

The patches, which are available through Apple's Web site, fix vulnerabilities in versions 10.3.9 and 10.4.2 of the company's Mac OS X operating system.

Although no exploits have been reported as of yet, both Symantec and the French Security Incident Response Team have noted that the flaws are serious and that users with those systems should apply the patches immediately.

Patch Work

Because of the vulnerabilities, machines running the affected systems could be targets for remote attack, which could be carried out with images sent through e-mail, Apple has noted.

For example, by crafting a corrupt GIF image, an attacker could trigger a buffer overflow in ImageIO, a Java tool used to display images, allowing the attacker to execute arbitrary code on the targeted machine. Several components of OS X use ImageIO, including WebCore and the Safari browser.

Other areas of the system that have been fixed include Ruby, QuickDraw Manager, QuickTime for Java and SecurityAgent.

A flaw in the system's Authorization Services would have allowed unprivileged users to grant certain rights usually restricted to administrators, Apple noted. With admin privileges, malicious users could manipulate files or perform other actions remotely.

System Error

The discovery of critical flaws in OS X is not surprising, said Sophos senior technology consultant Graham Cluley.

"Any complicated operating system is likely to have bugs, and Apple is not immune," he noted. "What's important for users to know is that they should patch right now, even if there are no actual threats exploiting these flaws."

Even though the vulnerabilities are critical, the actual threat is minimal because there is very little malware written for the Mac OS, said Cluley. Virus and worm writers tend to focus on Microsoft's operating systems because they can infect more users that way. But the discovery of flaws in OS X is a heads-up that no company is completely safe, Cluley added.

"It's a useful reminder that Microsoft isn't the only one that has vulnerabilities," he said.
 
