Monday, March 29, 2010

Huge Mac OS X Security Patch set released Monday, 28 March

If you run a Mac, it's time to get patching.

Apple plugs 88 Mac OS X security holes | Zero Day |
Apple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping 88 documented vulnerabilities.

The Mac OS X v10.6.3 update, which is considered “critical,” covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.

In some scenarios, a malicious hacker could take complete control of a Mac-powered machine if a user simply views a malicious image or movie file.

In another case, a Mac user running spell-check could have his/her machine hijacked by hackers.

The update covers critical vulnerabilities in AppKit, QuickTime,CoreMedia, CoreTypes, DiskImages, ImageIO and Image RAW.

It also covers holes in several open-source components, including Apache, ClamAV, MySQL, PHP.

Here’s the full list of the patched vulnerabilities.

US-CERT Current Activity
Apple Releases Security Update 2010-002 and Mac OS X v10.6.3
added March 29, 2010 at 02:37 pm

Apple has released Security Update 2010-002 and Mac OS X v10.6.3 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, bypass security restrictions, or operate with elevated privileges.

US-CERT encourages users and administrators to review Apple Article HT4077 and apply any necessary updates to help mitigate the risks.

Scores of flaws fixed in mammoth Apple security update - SC Magazine US
Apple on Monday issued updates to Mac OS X Snow Leopard and Leopard to correct scores of security vulnerabilities that could allow an attacker to access user data, execute arbitrary code, obtain system privileges, or cause a denial-of-service condition, Apple said in its advisory.

More technical details here:APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3

No comments: