Apple releases second security fix in 2 weeks

Apple has released its second security patch for its Mac OS X operating system in 2 weeks.

The new security update 2006-002 corrects a number of problems caused by the company's previous patch just last week as well as fixing a number of newly discovered security flaws that included allowing a malicious hacker to control your machine with the same privileges as the user.

In a statement on its site, Apple said “Security Update 2006-002 is recommended for all users and improves the reliability and security of the following components: apache_mod_php, CoreTypes, LaunchServices, Mail, rsync, Safari”.

One of the security holes within Mail allows hackers. “By preparing a specially-crafted email message with attachments, and enticing a user to double-click on that attachment within Mail, an attacker may trigger a buffer overflow”, Apple said on its website. “This could result in the execution of arbitrary code with the privileges of the user running Mail. This update addresses the issue by performing additional bounds checking. This issue does not affect systems prior to Mac OS X v10.4. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.”

The new update weighs in around 15.3Mb and incorporates Security Update 2006-001, which improves the security of the following components: apache_mod_php, automount, Bom, Directory Services, iChat, IPSec, LaunchServices, LibSystem, loginwindow, Mail, rsync, Safari, Syndication.


>