4-4-2008
Apple ships Mac OS X mega update
Security Update 2008-002 covers scores of critical vulnerabilities that could lead to remote code execution attacks
By Ryan Naraine, e-Week
It’s officially Patch Day in the land of the Mac.

On the heels of the release of Safari 3.1, with patches for more than a dozen browser vulnerabilities, Apple has shipped a mega update for its flagship Mac operating system, fixing at least 80 documented vulnerabilities in a wide range of core components.

Security Update 2008-002, available for Mac OS X desktop and server, covers several critical issues that could lead to remote code execution attacks.

On the desktop side, the Foundation bug (CVE-2008-0059) appears to be the most serious. “Processing an XML document may lead to an unexpected application termination or arbitrary code execution,” Apple warns, noting that an attacker could use a booby-trapped XML file to exploit a race condition in NSXML.

On the server side, security experts are calling attention to a bunch of ClamAV and CUPS vulnerabilities that could lead to remote compromise if mail or printer sharing is enabled.

The mega update addresses publicly known flaws in several open-source components — Apache, PHP, ClamAV, OpenSSH and Kerberos — and multiple holes in AppKit.

Other flawed components fixed with this update include Core Foundation, Core Services, curl, Emacs, Help Viewer, ImageRaw, mDNSResponder, Podcast Producer, Preview, Printing and System Configuration.