Serious flaws in Mac OS X and QuickTime software could put Macintosh and Windows systems at risk of attack, Apple Computer has warned.
In a pair of security alerts released on Thursday, Apple outlined 31 flaws that affect various versions of the operating system and a dozen vulnerabilities in its QuickTime media player software. Security experts have deemed the issues "critical", but Apple does not provide a severity rating. Fixes are available.
The Mac OS X vulnerabilities lie in various components of the operating system and affect both the server and client versions, Apple said in an advisory. An attack could be launched using some of the bugs by creating a malformed file, or by building a malicious Web site and enticing someone to visit it, the company said.
"These flaws could be exploited by attackers to execute arbitrary commands, bypass security restrictions, disclose sensitive information or cause a denial of service," the French Security Incident Response Team (FrSIRT), a security-monitoring company, said in an advisory.
The patches indicate that Apple is having a hard time completely resolving a security flaw that surfaced earlier this year. They fix an issue in the "download validation" function, a feature designed to protect Mac users from installing harmful code from a malicious Web site or email — a risk more familiar to Windows users.
Apple added the function in a security update released in early March. Two weeks later, it issued another update to fix some problems with the feature. Thursday's fix tackles another issue: the download validation may be bypassed if a file has a long name, Apple said.
Critics have argued that the download validation function is not enough to address the installation risk, and that Apple needs to correct the problem at a lower level in the operating system.
The QuickTime flaws put both Mac OS X and Windows computers at risk of compromise. All of the vulnerabilities exist because of errors in the way the media player software handles certain files. Specially crafted files in certain media formats — including JPEG, QuickTime, Flash, MPEG4 and AVI — could allow an intruder to hijack a vulnerable system, Apple said in an advisory.
Apple's security update 2006-003 for Mac OS X and the QuickTime patch can be downloaded and installed via Software Update preferences or from the Apple Downloads Web site.






Talkback
Not again ZDNET, you really don't like Apple do you? Don't you think the headline is a wee bit over the top?
I don't think the headline is over the top; these are 'critical' flaws and could compromise users' computers (even if Apple won't give them a rating).
uh huh
anxiety FUD
Keywords are: FIXES ARE AVAILABLE
ZD Net is worried that more people are jumping ship to Mac and their PC legacy is going the way of the dodo bird.
Please get your context right! Your headlines are, well let's say it out loud, bullshit! Maybe you really should check the facts before releasing this kind of article. I agree with the point that Apple is not familiar with handling the security issues, but the context of your article was very very wrong! Microsoft's operating system has way more known unpatched security issues than Apple's! And the number of exploits found in one's operating systems is very different, even though Apple has had a bigger percentage rise! Think about it! Think different!
Look, PC still has way more trouble than Mac has or ever will. Apple just switched to Intel technology 5 months ago, and nobody should be knocking on them for that reason. Can Dell run Mac OS X? No. Can Mac run XP? YES. The way people continually knock on Mac just because they have received 4 measly viruses that don't destroy your computer is just dumb. People don't dare knock on Microsoft for their flaws even though it takes three or four tries for them to get something right. Usually, if Apple flaws one thing, they will replace everything and even at times upgrade you to a better machine, while Microsoft won't, and therefore ZDNet has no right to knock on Apple.