Apple Patches 40 Security Holes
Apple on Wednesday released an update to fix at least 40 different security holes in computers powered by its Mac OS X operating system and other software, including a just-in-time update to fix a dangerous vulnerability in the Adobe Flash Player that is being rather heavily exploited at the moment in Microsoft Windows versions of the player.
The Flash update brings the Mac version of the Flash Player up to the latest 18.104.22.168 version, which protects users against a proliferating number of sites using vulnerabilities in older Flash versions to install malicious software on exposed computers. While the attackers are so far delivering viral payloads designed exclusively for Microsoft Windows systems, the researcher who discovered the method by which the flaw is being attacked warned that the vulnerability could be similarly exploited on any operating system for which Flash is available, including Mac OS X.
At least seven of the security issues patched in Apple's update involve flaws in image file formats that could be exploited merely by convincing a Mac user to click on a tainted link or view a specially-crafted malicious image.
Also patched in this roundup is a security hole in iCal that researchers at Core Security reported to Apple in January. The Core folks found that by tricking an unsuspecting user into opening a specially-crafted calendar file (one ending in ".ics"), an attacker could plant malicious software on a Mac user's machine.
For a dispassionate account of how Apple often deals with security researchers, check out Core's timeline of their interaction with Apple's security team, which appears to have dithered about the severity and number of flaws involved for nearly six months before releasing a single fix. Core's advisory went out more than a week ago, after Apple missed a coordinated patch/vulnerability advisory release date for the fifth time in a row.
May 29, 2008; 6:35 AM ET
Categories: New Patches