Apple plugs 20 OS X holes

by admin March 2, 2006 at 10:30 am

Security update deals with Leap.A threat and more…

Apple on Wednesday released a security update for Mac OS X that fixes 20 vulnerabilities, including a high-profile web browser and Mail flaw disclosed last week.

The set of patches addresses a variety of security flaws, including several that could let an attacker gain control over a computer running the operating system software. The patch arrives after two weeks of intense scrutiny for Apple Mac OS X safety, prompted by the discovery of two worms and the disclosure of two security flaws in that period.

The Apple security update addresses those flaws, which affect the Safari web browser and Apple Mail client. The vulnerabilities expose Mac users to risks that are more familiar to Windows owners: the installation of malicious code through a bad website or email because of improper validation of downloads.

The update also changes iChat, Apple’s instant messaging application, to thwart instant message threats such as the Leap.A pest, which was detected recently and attacked some Apple users.

Apple said: “iChat now uses Download Validation to warn of unknown or unsafe file types during file transfers.”

Full article: