Tuesday, August 1, 2006

Apple security update plugs holes in Mac OS X

By Katie Marsal

Published: 06:00 PM EST

Apple Computer on Tuesday clamped down on a number of vulnerabilities in its Mac OS X operating system that could serve as backdoors for hackers or malicious users.

In a recommended security release labeled Security Update 2006-004 -- the fourth such update this year -- Apple said it tightened loose ends in AFP Server, Bluetooth, Bom, DHCP, dyld, fetchmail, gunzip, ImageIO, LaunchServices, OpenSSH, telnet and WebKit.

In particular, the update improves Bluetooth Setup Assistant by increasing the length of the automatically generated pairing passkey from six characters to eight characters. It also adds checks to protect against maliciously-crafted GIF, TIFF, Radiance or Canon RAW images that could lead to application crashes and arbitrary code execution.

Similarly, Apple increased preventative measures surrounding maliciously-crafted Zip archives, BOOTP requests, TELNET servers and HTML documents. It also patched a vulnerability where an attacker attempting to log in to an OpenSSH server with a nonexistent account could cause the authentication process to hang. "An attacker can exploit this behavior to detect the existence of a particular account," Apple said. "A large number of such attempts may lead to a denial of service."

Another improvement focuses on Safari's ability to distinguish safe files from those that could potentially include malicious JavaScript. Previous versions of the browser may have erroneously identified certain files containing HTML as "safe". If such a file is downloaded in Safari and Safari's "Open 'safe' files after downloading" option is enabled, the HTML document would automatically be opened from a local URI. "This would allow any JavaScript code embedded in the document to bypass access restrictions normally imposed on remote content," Apple explained. "This update provides additional checks to identify potentially malicious file types so that they are not automatically opened."
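
The kind of check described above, sketched as an added example (it is not Apple's code and does not appear in the original article): a download is auto-opened only when its extension is allowlisted, its leading bytes match that type, and no HTML markup is found in it. The allowlist, marker list, sniff window and function names are assumptions made for this illustration.

```python
"""Added example: content-based check before auto-opening a download."""

# Magic bytes for the few types this sketch treats as auto-openable
# (an assumed allowlist, not Safari's actual "safe" list).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF-",),
}
# Markers suggesting the bytes would be rendered as an HTML document.
HTML_MARKERS = (b"<!doctype html", b"<html", b"<head", b"<body",
                b"<script", b"<iframe")
SNIFF_WINDOW = 1024  # bytes inspected; an assumption for this example


def contains_html(data: bytes) -> bool:
    """True if an HTML marker appears in the sniff window."""
    window = data[:SNIFF_WINDOW].lower()
    # Dropping NUL bytes also catches UTF-16 encoded markup.
    candidates = (window, window.replace(b"\x00", b""))
    return any(m in c for c in candidates for m in HTML_MARKERS)


def safe_to_auto_open(filename: str, data: bytes) -> bool:
    """Allow auto-open only if the extension is allowlisted, the magic
    bytes match that extension, and no HTML markers are present."""
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    signatures = MAGIC.get(ext)
    if not signatures:
        return False  # unknown or missing extension: never auto-open
    if not data.startswith(signatures):
        return False  # content does not match the claimed type
    return not contains_html(data)


# Constructed sample downloads (not taken from the advisory).
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
    "report.pdf": b"<html><script>/* constructed */</script></html>",
    "banner.gif": b"GIF89a/*" + b"<script>/* constructed */</script>",
    "notes.html": b"<!DOCTYPE html><html></html>",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        verdict = "auto-open" if safe_to_auto_open(name, blob) else "hold"
        print(name, "->", verdict)
```

Only `photo.jpg` passes; the mislabeled HTML, the GIF-prefixed file carrying a script tag and the plain HTML file are all held for the user to open deliberately.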

Other security improvements in Security Update 2006-004 target access loopholes in File Sharing and a vulnerability in the Mac OS X dynamic loader where malicious local users could influence the loading of dynamic libraries in order to gain elevated privileges.

A complete list of security enhancements is available through Apple's support site.
