1 August 2008 13:17 GMT / By Katie Scott
Apple's Security Update 2008-005 can now be downloaded and installed via Software Update preferences, or from Apple Downloads.
It patches problems with Mac OS X Server 10.4, Security, Mac OS X 10.4.11, Mac OS X Server 10.5, and Mac OS X 10.5.4.
Apple details that it corrects a "design issue" which "exists in the Open Scripting Architecture libraries when determining whether to load scripting addition plug-ins into applications running with elevated privileges".
Apple continues: "Sending scripting addition commands to a privileged application may allow the execution of arbitrary code with those privileges".
"This update addresses the issue by not loading scripting addition plug-ins into applications running with system privileges."
It also solves issues with the Berkeley Internet Name Domain (BIND) server, which is distributed with Mac OS X.
Apple explains: "A weakness in the DNS protocol may allow remote attackers to perform DNS cache poisoning attacks. As a result, systems that rely on the BIND server for DNS may receive forged information".
There was also a problem with processing long filenames that has been fixed as well as a CoreGraphics issue, which could see applications quit if the Mac user visited "a maliciously crafted website or a maliciously crafted PDF file".
Hit the link below to view the complete list of fixes.
Related links
Latest in Software
Latest on Pocket-lint.co.uk
-
SOFTWARE
Microsoft Losing Share To Apple
-
SOFTWARE
NORAD, Google To Offer "Santa Tracker"
-
SOFTWARE
Apple: Mac Users Need Anti-Virus
Comments