Apple released updates for the Panther and Jaguar versions of Mac OS X that fix security issues in the operating systems' printing, mail and encryption capabilities, as well as a critical vulnerability in the handling of Web addresses.
Apple gave little information about the patches, which were published on Monday and are available on the company's Web site. However, information on two of the vulnerabilities could be found at the Web site of the Common Vulnerability Encyclopedia, which is an attempt by Mitre, a systems engineering and information technology research organisation, to create a complete database of software flaws.
The most critical vulnerabilities, in a common Unix library for the extensible markup language (XML), could allow an attacker to execute code on a victim's computer by sending a long address, also known as a Uniform Resource Locator, or URL.
Apple also fixed two flaws in OpenSSL that made PCs vulnerable to a denial-of-service attack. OpenSSL is the open-source software implementation of the secure sockets layer (SSL) protocol for encrypting communications on the Internet. The software is widely used in networking equipment and on Linux servers.
Apple released little information on the flaws in Mac OS X's printing capabilities and the system's mail services. Mac OS X uses its own version of the Common Unix Printing System.
While all four vulnerabilities had listings in the Common Vulnerability Encyclopedia, references to the printing and mail flaws were reserved by Apple and contained no other information.






Talkback
How come no one is crying out loud that Mac is patching? Despite the paucity of patches for Windows nowadays, every single one triggers a "HAH! Told you it was unsecure!" response from most experts. Do I smell unfairness here? Especially since Apple won't even disclose WHAT the patches were exactly about.