Apple warned that the Mac OS X operating system contains 13 security flaws, some of them serious. The company issued a cumulative patch for the
bugs today.
The flaws could allow remote code execution, security breaches, spoofing, cross-site scripting, denial-of-service attacks and other problems, according to Apple. Some of the flaws can be exploited from the Internet.
The most serious of the flaws -- including bugs in CoreFoundation and Safari -- could let an attacker remotely execute malicious code, effectively taking over the system. Safari is also vulnerable to less serious attacks, one in which the browser downloads files into a different location, and a spoofing flaw involving JavaScript dialogue boxes.
Other flaws could allow the downgrading of Secure Sockets Layer connections to an earlier, less secure SSL version -- known as a protocol downgrade attack; privilege escalation by local users; a cross-site scripting flaw in Apache; and the ability to forge syslog entries.