Apple releases security update for Mac OS X
Apple has released security updates for Mac OS X that fix several vulnerabilities. These flaws can be exploited by remote or local attackers to execute arbitrary code, carry out denial of service attacks or disclose sensitive information.
ÂÂ
The first vulnerability lies in an error in AFP server when showing the search results. This flaw could be exploited to disclose information about folders and files to which the attacker does not have access.
ÂÂ
The second flaw is based on a stack overflow in ImageIO when processing TIFF images with a specific format. An attacker could send specially-crafted images that, when viewed by the target user, would cause a denial of service in the application and compromise the system.
ÂÂ
The third problem corrected has been detected in the OpenLDAP server when processing certain invalid LDAP requests. A remote attack could exploit this vulnerability to cause a denial of service.
ÂÂ
The fourth and fifth vulnerabilities are related to the launch and ClamAV utilities, and could be exploited to run arbitrary code and compromise systems.
ÂÂ
The affected Mac OS X systems include versions 10.4 to 10.4.6. It is recommendable to update to the new version 10.4.7.
Source: Panda Software.