Apple eliminated much holes in Mac OS

25th December 2007

The company Apple has released another set of patches for operating systems Mac OS X, the latest versions. The December patches kit includes about three dozen patches for various components of software platforms Mac OS X 10.4 (code-named Tiger) and Mac OS X 10.5 (code-named Leopard). Vulnerabilities, in particular, were found in the address book, module CFNetwork, CUPS (Common Unix Printing System) printing system, the plugin Flash Player, iChat, the components associated with system updates, etc. Most of the holes detected, in theory, can be used by attackers aiming to crash applications or performing arbitrary code on a remote computer. Also, some vulnerability allowed gaining unauthorized access to information stored on the victim's computer. Along with patches for Mac OS X, the company Apple released a patch fixing holes in the beta version of the browser Safari 3. This problem is relevant only for computers operating under Microsoft Windows XP or Windows Vista. The hole, in theory, allows performing XSS- attacks (Cross-Site Scripting) on remote computers.
It is noticeable, that this year Apple released already 36 sets of patches for its software products. In comparison with the last year the number of upgrades was only 22.