Apple discharge its third major patch this year for Mac OS X on Thursday , fixing 31 software vulnerability in a range of production that could be used by remote aggressor to compromise Mac type O system .
Security Update 2006 - 003was write on Apple ’s Web site and includes software kettle of fish for holes in OS X , the Safari entanglement internet browser , and Mac portion for reckon paradigm and video files .
Also included are fixes for a number of security flaw publicized by independent researcher Tom Ferris in April . However , Ferris says the latest patch does n’t track other critical holes he report to Apple , and that he may soon publish the details of those flaws , too .
An Apple spokesman did not at once respond to a request for comment .
The patches , which hail two Clarence Day after Microsoft released its monthly security fixes , underscore the changing security mood for Mac systems , which are a small fraction of the figurer universe , but are under increasing scrutiny for security holes .
Among the flaws Apple fixed are an integer overflow in the processing of JPEG Indian file by OS X systems prior to Version 10.4 that could allow attackers to harbor malicious code in image files ; the code executes when the file is viewed .
Another flaw affects Quicktime Streaming Server on some versions of OS X and could give up aggressor to apply malicious RTSP ( Realtime Streaming Protocol ) request to trigger a buffer outpouring on the server . Other holes would allow aggressor to use Es - mail message , Macromedia Flash file or malicious Web shortcuts to take control of Mac system .
Ferris told InfoWorld there were still gob in Safari , QuickTime , and the iTunes app that he reported to Apple but were not patch in the latest release . He did not write details of those holes on his Web site in April , but he described them as critical flaw that permit outback code slaying .
Ferris say he is consider releasing the details of the unpatched holes on May 14on his Web site . He also says he has found new golf hole in OS XTC affecting TIFF data format Indian file and BOMArchiver , an practical program used to compress files . He did not provide detail about the flaws or trial impression of their existence .
Compared with Apple ’s exit , Microsoft ’s May security piece was small . The software giant star posted three security bulletin — two of them fink “ decisive ” that covered five vulnerabilities .
surety expert have been weigh in on Apple security more frequently in late months , as decisive flaw in the OS X operating arrangement and Safari internet browser and viruses and Web base attacks target Mac system have made newspaper headline .
Anti - virus and protection software system companies have started offering products for Mac OS X , and there is debate about whether Apple ’s shift to the same Intel computer architecture used by Microsoft Windows will change the security measure posture of Mac systems .
formally , Apple downplays certificate holes in its products and novel OS decade attacks — which are still rarified compared to those targeting Windows system . But some security measure industry insiders have suggested that the caller should appoint a principal surety police officer to coordinate the companionship ’s response to security system .
