Apple: Panther Sharpens Claws With New Update

    May 4, 2005

Apple put out their latest security update (2005-005) on Tuesday. It has a number of fixes for OS X v10.3.9 and the Server v10.3.9. This patch provides a number of fixes for several systems including the following:

MACWORLD had some nice descriptions of the problems:

ApacheC : Apple has corrected a buffer overflow problem in htdigest that result in a remote system compromise.

AppKit: Apple has posted fixes for AppKit associated with malformed TIFF images.

AppleScript: A fix has been made for the way that AppleScript’s URI mechanism displays code.

Bluetooth: This update makes changes to how Bluetooth file exchange is handled in order to improve security. It also enhances filtering for path-delimiting characters.

Finder: The Finder has been updated with improved handling of .DS_Store files.

Help Viewer: Help Viewer could be used to run Javascript without the normally imposed restrictions; this update corrects that.

Terminal: Malicious content could inject data when displayed in a Terminal session. The issue has been corrected.

VPN: A buffer overflow in “vpnd” could be used by a local user to obtain root privileges if the system is configured as a VPN server. This update prevents the buffer overflow from occurring.

Thanks to the MAC website and MACWORLD for the information. If you need more, please check out Apple’s Web site

John Stith is a staff writer for WebProNews covering technology and business.