|
|
Thursday, December 1, 2005
|
Apple Releases Patch for 13 Security Flaws
|
|
You are sending an email that contains the article
and a private message for your recipient(s). |
| Your Name: |
|
| Your e-mail: |
* Required! |
| Recipient (e-mail): |
* |
| Subject: |
* |
| Introductory Message: |
|
HTML/Text
(Photo: Yes/No) |
(At the moment, only Text is allowed...)
|
| |
|
| Message Text: |
Apple warned that the Mac OS X operating system contains 13 security flaws, some of them serious. The company issued a cumulative patch for the bugs today.
The flaws could allow remote code execution, security breaches, spoofing, cross-site scripting, denial-of-service attacks and other problems, according to Apple. Some of the flaws can be exploited from the Internet.
The most serious of the flaws -- including bugs in CoreFoundation and Safari -- could let an attacker remotely execute malicious code, effectively taking over the system. Safari is also vulnerable to less serious attacks, one in which the browser downloads files into a different location, and a spoofing flaw involving JavaScript dialogue boxes.
Other flaws could allow the downgrading of Secure Sockets Layer connections to an earlier, less secure SSL version -- known as a protocol downgrade attack; privilege escalation by local users; a cross-site scripting flaw in Apache; and the ability to forge syslog entries. |
|
|
|
|