Apple has recently released a security update for its Mac OS X operating system, which is meant to fix a high number of critical security issues that were found in the software. The security update is the fifth this year and patches a total of 13 holes. The release notes are now available on the support area of the company’s website. The products that featured vulnerabilities include Mac OS X Server 5, Mac OS X 10.5.8 , Mac OS X Server 10.6 and Mac OS X 10.6.4.
According to Apple at least six of the bugs could be exploited by attackers who aim to run unauthorized software on the Mac OS X operating system. In the document that’s now available on the support area, Apple explains what vulnerabilities the update fixed.
“A stack buffer overlow exists in Apple Type Services’ handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.” Apple mentions.
The CFN Network was also discovered to permit anonymous TSL/SSL connections which could allow attackes to redirect connections as well as intercept user credentials and other 
valuable information. The issue was addressed by Apple by disabling anonymous TLS/SSL connections. Multiple vulnerabilities were also found in the case of PHP 5.3.1 which has now been updated to version 5.3.2. The most serious of them could have lead to arbitrary code execution. Another important fix addressed the vulnerability in CoreGraphics. Opening a maliciously crafted PDF file could lead to an unexpected application termination and also arbitrary code execution. The vulnerability was discovered by go Rubira Branco from the Check Point Vulnerability Discovery Team (VDT) and fixed through improved bounds checking.
So far Mac hasn’t been having nearly as many problems with attacks and malware as Windows. Microsoft’s operating system, clearly the most used OS worldwide, remains the favorite for hackers. Still, regardless of what operating system you’re using, security experts recommend that you download the security updates as soon as they are made available in order to avoid any problems. Apple might have to step it up a notch in the future for the security of both its desktop/laptop operating system as well as for its mobile devices (iPhone and iPad) and the iOS. With the newly gained popularity of the iOS Apple is finally starting to see what it’s like to have to secure a highly popular operating system that serves as a target for many cyber attackers. You can find more information regarding Apple’s Security Update 2010-005 by following this link.
