Apple issues security vulnerability patch for Mac OS X

March 02, 2006 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have urged users of the Apple Mac OS X operating system to install an important new security update.

Apple has issued the new security update, which fixes a number of flaws in the Mac OS X operating system that could be exploited by malicious hackers or malware. The vulnerabilities, if left unpatched, could allow hackers to run dangerous code on innocent unprotected computers.

The security update affects the following Mac OS X components:

apache_mod_php
automount
Bom
Directory Services
iChat
IPSec
LaunchServices
LibSystem
loginwindow
OpenSSH
rsync
Safari
Syndication

Amongst the fixes is an update to the Safari web browser which was found to be vulnerable to malicious shell scripts. Additionally the iChat instant messaging system has been updated to warn of potentially malicious file types being transmitted. The update to iChat has been issued in the wake of the discovery of the OSX/Leap-A worm last month.

Separate downloads are available on Apple's website for Mac OS X v10.3.9 "Panther" client and server versions, as well as Mac OS X v10.4.5 "Tiger" Intel and PowerPC versions.

"Apple Macs have been in the news for the last few weeks regarding a number of security issues," said Graham Cluley, senior technology consultant at Sophos. "It's important that all computer users are protected against the latest attacks, and have their computers properly patched against vulnerabilities in the operating system. It would be a mistake to think that security flaws are only found in Microsoft's products."

Sophos continues to recommend companies protect their desktops and servers with automatically updated anti-virus protection.