Apple Mega Patch Plugs 20 Mac OS X Holes
Apple Computer late Tuesday released an update to fix a whopping 20 security flaws in its flagship Mac OS X and warned that the most serious bugs could lead to remote code execution attacks.
Source: eWeekApple Computer Inc.'s Security Update 2005-005 includes patches for Mac OS X v10.3.9 and Mac OS X Server v10.3.9. It covers a wide range of vulnerabilities that could be exploited by remote or local attackers to execute arbitrary commands, trigger a denial-of-service condition or obtain elevated privileges.
The mega update comes just two weeks after the Cupertino, Calif.-based computer maker shipped patches for a range of potentially serious kernel and browser flaws. Since April 18, Apple has posted fixes for 28 Mac OS X vulnerabilities.
The latest update includes fixes for a buffer overflow in the Apache htdigest program and an integer overflow in the handling of TIFF files that could permit arbitrary code execution.
"A malformed TIFF image could contain parameters that result in image data overwriting the heap. This issue has been addressed by adding additional tests when calculating the space needed for an image," Apple said.
It also plugs a local code execution hole in the Netinfo Setup Tool (NeST) that was discovered and reported by private research outfit iDefense Inc. Local attackers could exploit the NeST bug by supplying an overly long value to overflow the buffer and execute arbitrary code.
0
Comments
small amount of mac users and small amount of holes (if you count 28 as a small amount)
and
large amount of PC users and a "large" amound of holes (take large however you will)
After looking at this I conclude... Macs have ...ehem had more holes per user than windows ever did!