Topic: Apple releases OS X update

[sam]

... I'm updated! :-) ....

Apple has released a security update by for its OS X operating system that fixes five vulnerabilities in total. Even though there is no severity rating placed on the update, two of these could potentially lead to remote code execution according to Apple itself.

One of the patches fixes a problem with the ClamAV antivirus software that comes bundled with the OS X server version, which could lead to arbitrary code execution if the virus scanning feature is configured for automatic updates. An attacker would need to create a specially crafted malicious or spoofed antivirus update database in order to gain control over the system.

The other vulnerability that could lead to remote code execution concerns the rendering of TIFF image files. A maliciously crafted TIFF image could lead to a buffer overflow, which may in turn result in arbitrary code execution.

Three further security flaws involve a problem in AFP server that could allow the disclosure of file and folder names to unauthorised users, a vulnerability in Open Directory server that could cause the application to crash and a privilege elevation issue in the Launchd program.

The 10.4.7 update also solves a number of usability issues. Users can download the update either via Software Update or from Apple Downloads.

Taken from: LINK