Apple Releases Tiger, Leopard Security Updates
Apple is pushing out updates to plug at least 10 different security holes in computers powered by its Tiger (OS X 10.4.x) and Leopard (10.5.x) operating systems. Mac users can grab the latest patches via Software Update or directly from Apple Downloads.
One of the updates fixes eight vulnerabilities in OS X Leopard and Leopard Server. The other patch plugs four security holes in OS X Tiger. Among the more interesting flaws corrected in the Leopard release involves a problem with the way Apple's built-in Launch Services interacts with Time Machine, a slick new system backup utility included in Leopard. Launch Services lets users open applications, files or URLs in a way similar to the Finder application on OS X. Apple says that even when an application has been uninstalled from the system, Launch Services may allow it to be started if it is still present in a Time Machine backup.
In the Tiger roundup, Apple finally fixed one of the few remaining unpatched vulnerabilities detailed in last year's Month of Apple Bugs project. Researcher Kevin Finesterre, whom Apple credits for discovering this flaw, says he first reported the vulnerability to Cupertino in August 2006. Sample instructions showing would-be attackers how to exploit this vulnerability to break into Macs have been available online since Jan 17, 2007.
The comments to this entry are closed.