Tuesday, August 1, 2006

Apple security update plugs holes in Mac OS X

By Katie Marsal

Published: 06:00 PM EST

Apple Computer on Tuesday clamped down on a number of vulnerabilities in its Mac OS X operating system that could serve as backdoors for hackers or malicious users.

In a recommended security release labeled Security Update 2006-004 -- the fourth such update this year -- Apple said it tightened loose ends in AFP Server, Bluetooth, Bom, DHCP, dyld, fetchmail, gunzip, ImageIO, LaunchServices, OpenSSH, telnet and WebKit.

In particular, the update improves Bluetooth Setup Assistant by increasing the length of the automatically generated pairing passkey from six characters to eight characters. It also adds checks to protect against maliciously crafted GIF, TIFF, Radiance or Canon RAW images that could lead to application crashes and arbitrary code execution.

Similarly, Apple increased preventative measures against maliciously crafted Zip archives, BOOTP requests, TELNET servers and HTML documents. It also patched a vulnerability where an attacker attempting to log in to an OpenSSH server with a nonexistent account could cause the authentication process to hang. "An attacker can exploit this behavior to detect the existence of a particular account," Apple said. "A large number of such attempts may lead to a denial of service."

Another improvement focuses on Safari's ability to distinguish safe files from those that could potentially include malicious JavaScript. Previous versions of the browser may have erroneously identified certain files containing HTML as "safe". If such a file is downloaded in Safari and Safari's "Open 'safe' files after downloading" option is enabled, the HTML document would automatically be opened from a local URI. "This would allow any JavaScript code embedded in the document to bypass access restrictions normally imposed on remote content," Apple explained. "This update provides additional checks to identify potentially malicious file types so that they are not automatically opened."
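The kind of check described above can be sketched as follows. This is an added example, not Apple's code or anything from the update itself: a download handler refuses to auto-open a file whose name looks "safe" but whose content can render as HTML. The extension allowlist, the tag list, the 4096-byte sniff window and the function names are all assumptions made for illustration.

```python
import os
import re

# Assumed allowlist of extensions treated as "safe" to open automatically.
SAFE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".tiff", ".pdf", ".txt", ".mov"}

# Tags that mean a renderer could treat the content as HTML or run script.
HTML_MARKERS = re.compile(
    rb"<\s*(?:!doctype\s+html|html|head|body|script|iframe|object|embed|svg)\b",
    re.IGNORECASE,
)
SNIFF_BYTES = 4096  # assumed sniff window: only the start of the file is read


def looks_like_html(data: bytes) -> bool:
    """Return True if the start of the file contains HTML or script markup."""
    head = data[:SNIFF_BYTES]
    # A UTF-16 BOM hides ASCII tag names between NUL bytes; normalise first.
    if head[:2] in (b"\xff\xfe", b"\xfe\xff"):
        head = head.decode("utf-16", errors="ignore").encode("utf-8")
    return HTML_MARKERS.search(head) is not None


def safe_to_auto_open(filename: str, data: bytes) -> bool:
    """Auto-open only if the extension is allowlisted AND content is not HTML."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in SAFE_EXTENSIONS:
        return False
    # Fail closed: a "safe" name with HTML inside stays on disk unopened,
    # so embedded script never runs from a local URI without user action.
    return not looks_like_html(data)


# Constructed sample inputs (not taken from any real file or advisory).
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01" + b"\x00" * 32
HTML_SAMPLE = b"<html><body><script>/* constructed */</script></body></html>"
UTF16_HTML_SAMPLE = b"\xff\xfe" + "<HTML><script></script>".encode("utf-16-le")

if __name__ == "__main__":
    for name, data in [("photo.jpg", JPEG_SAMPLE), ("photo.jpg", HTML_SAMPLE),
                       ("notes.txt", UTF16_HTML_SAMPLE), ("page.html", HTML_SAMPLE)]:
        print(name, "auto-open" if safe_to_auto_open(name, data) else "hold")
```

A plain-text file that merely quotes a `<script>` tag is also held back; for an auto-open decision that false positive is the cheaper error.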

Other security improvements in Security Update 2006-004 target access loopholes in File Sharing and a vulnerability in the Mac OS X dynamic loader where malicious local users could influence the loading of dynamic libraries in order to gain elevated privileges.

A complete list of security enhancements is available through Apple's support site.
