Apple patches Mac OS X vulnerabilities

Apple has released a security update that fixes 15 different vulnerabilities in Mac OS X.

The update has been classified by security firm Secunia as 'highly critical', its second highest alert level, owing to the danger of remote code execution on unpatched systems.

Among the vulnerabilities is a flaw in the CFNetwork component used by Apple's Safari browser that could allow unauthenticated SSL sites to appear as authenticated.

This could leave a user vulnerable to fraudulent sites that would be presented as secure.

Fixes for Adobe Flash Player which Secunia has listed as 'highly critical' are also included in the update. The vulnerabilities could allow attackers to execute code remotely via a specially crafted .swf file.

Other fixes address vulnerabilities in PICT and jpeg2000 image handling components and several LoginWindow flaws.

The Mac OS X 10.4.8 update is for users with a version of MacOS X 10.4 or Mac OS X 10.4 server already installed. Security Update 2006-006 is for users running Mac OS X 10.3.9 and Mac OS X Server.

The security fix comes one week after Apple released a patch for vulnerabilities in its AirPort wireless networking components.