Apple Patches 20 Mac OS X Flaws

Apple has issued a major security update for Mac OS X 10.3, comprising 20 patches for various applications and libraries. The advisory comes just days after the release of Apple's new OS, which is not affected. Security firm Secunia has given the vulnerabilities a cumulative rating of "highly critical."


Specifically, a flaw in the way Apple's AppKit handles TIFF images could lead to arbitrary code execution on an unpatched system.

Apache, which ships with Mac OS X, could also open the door for a remote system compromise due to a buffer overflow in the Web server's htdigest program. However, Secunia said a possible exploit for the flaw is unlikely.

Another critical issue resolved in the update relates to AppleScript, Apple's native Mac scripting language. A flaw in the URI mechanism could lead to an AppleScript executing differently than displayed. Apple has also fixed buffer overflows in the Foundation framework, libXpm and NetInfo.

The Bluetooth support that ships with Mac OS X contained two issues that have been corrected. The first involves file transfer, while the second could lead to access to files outside the default file exchange directory.

The May security patches pertain only to Mac OS X 10.3.9 and Mac OS X Server of the same version. Users can download the update using Software Update or via Apple's Web site. More information on the fixed flaws can be found in the full security advisory.
