Mac OS X Security Update 2008-007

10 10 2008

Apple on Thursday afternoon released its seventh distinct security fix of the year for Mac OS X to tackle a number flaws, including one introduced with its 10.5.5 update.

Available for both Mac OS X Leopard (Client, Server) and Tiger (Intel Client, PowerPC Client, PowerPC Server), Security Update 2008-007 addresses a mixture of UNIX foundation and Mac-specific flaws.

Among the fixes is one for the launchd daemon that only affects Mac OS X 10.5.5. The particular implementation may sometimes fail to sandbox apps that want to be isolated from the system, potentially exposing them to attacks.

Other Mac-related problems mended in the were first discovered by outside security teams, including a remote CUPS printing exploit found by TippingPoint’s Zero Day Initiative as well as holes in ColorSync, Finder, general Mac OS X networking, PSNormalizer, QuickLook, root certificates, Script Editor and Weblog.

A pair of additional, special patches close vulnerabilities in the third-party ClamAV utility and allow a single sign-on with a password in a file, allowing scripts to use the sign-on feature without dropping security.

Solutions for UNIX flaws include updated versions of Apache, libxslt, MySQL Server, PHP, Postfix, rlogin, Tomcat and vim.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: