Apple issues security vulnerability patch for Mac OS X

Sophos Press Release

Flaws could be exploited by malicious hackers

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have urged users of the Apple Mac OS X operating system to install an important new security update.

Apple has issued the new security update, which fixes a number of flaws in the Mac OS X operating system that could be exploited by malicious hackers or malware. The vulnerabilities, if left unpatched, could allow hackers to run dangerous code on innocent unprotected computers.

The security update affects the following Mac OS X components:

apache_mod_php
automount
Bom
Directory Services
iChat
IPSec
LaunchServices
LibSystem
loginwindow
OpenSSH
rsync
Safari
Syndication

Amongst the fixes is an update to the Safari web browser which was found to be vulnerable to malicious shell scripts. Additionally the iChat instant messaging system has been updated to warn of potentially malicious file types being transmitted. The update to iChat has been issued in the wake of the discovery of the OSX/Leap-A worm last month.

Separate downloads are available on Apple's website for Mac OS X v10.3.9 "Panther" client and server versions, as well as Mac OS X v10.4.5 "Tiger" Intel and PowerPC versions.

"Apple Macs have been in the news for the last few weeks regarding a number of security issues," said Graham Cluley, senior technology consultant at Sophos. "It's important that all computer users are protected against the latest attacks, and have their computers properly patched against vulnerabilities in the operating system. It would be a mistake to think that security flaws are only found in Microsoft's products."

Sophos continues to recommend companies protect their desktops and servers with automatically updated anti-virus protection.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.