In what was easily the biggest update in a while, Apple released a massive set of patches on Tuesday afternoon fixing more than 90 vulnerabilities in almost every component of its operating systems.More info at Apple.
To add to the load, Apple updated its Safari browser earlier today for both Mac and Windows, covering a total of 13 vulnerabilities.
Altogether, Tuesday's patches fixed bugs in both the client and server editions of Mac OS X Tiger and Leopard.
The Leopard bundle included fixes for AFP Client, Apache, Application Firewall, ClamAV, CUPS, macs, Help Viewer, Image Raw, Kerberos, mDNSResponder, OpenSSH, pax archive, PHP, Podcast Producer, Preview, Printing, System Configuration, UDF, Wiki Server and X11.
In particular, the Leopard patch bundle fixed several password and authentication problems detected in Kerberos, Podcaster, Preview and Printing. Apple said that Mac OS X Server's Podcast Products included a component that provided passwords to a subtask through arguments which could potentially expose the passwords to other local users.
Similarly, Preview and Printing services contained flaws that could expose the contents of an encrypted PDF without requiring the use of a password.
The Tiger update plugged holes in AFP Client, AFT Server, Apache, AppKit, CFNEtwork, ClamAV, CoreFoundation, CoreServices, CUPS, curl, Emacs, file, Foundation, Help Viewer, Kerberos, libc, notifyd, OpenSSH, PHP, System Configuration and X11.
While Apple doesn't have a designated rating system, numerous vulnerabilities in the latest update allow "arbitrary code execution," alerting users that the errors could be considered a critical threat.
Apple patches 93 bugs
Posted on Thursday, March 20 2008 @ 19:13 CET by Thomas De Maesschalck