Apple Fixes 15 Flaws, Updates Mac OS X To 10.4.8
According to the alert that Apple released alongside the update, more than half of the fixed flaws can lead to "arbitrary code execution." In plain English, that means a hacker could hijack the Mac and install his own software on the system. Four of the bugs are in Flash, the Adobe-sold animation player bundled with Mac OS X.
A vulnerability in Safari, Apple's Web browser, could let malicious sites pose as trustworthy URLs with SSL (Secure Sockets Layer) indicators, said the alert, while in another, a specially-crafted JPEG2000 image could be used to trigger a buffer overflow to compromise the computer.
One of the more dangerous vulnerabilities outlined by Apple is a memory management error in WebKit's handling of certain HTML. Simply viewing a malicious Web site could result in a hacked Mac. WebKit is Apple's version of the open-source browser engine used by Safari and other OS X components, including Mail and the Dashboard.
The Friday update is the first OS-wide security fix in nearly two months, although other components, including Apple's own QuickTime, have been patched since then.
The update -- as well as a similar security update for users of Mac OS X 10.3 (Panther) that includes only 8 patches -- can be downloaded from the Apple Web site, or retrieved using the operating system's own auto update tool.