Apple issues critical fixes

Over 40 vulnerabilities have been addressed in the latest patches for Mac OS X

Apple has patched a number of security holes in its Panther and Tiger flavours of Mac OS X in its latest security update, released late on Monday.

Four patches were issued in total, covering the server and client versions of both Panther (Mac OS X 10.3.9) and Tiger (Mac OS X 10.4.2). The server patches address problems in 20 components, while the client patches fix 15 flaws.

According to security firm Secunia, more than 40 separate vulnerabilities are addressed in the four patches.

Several vulnerabilities that would allow attackers to cause a buffer overflows have been identified and fixed by Apple. One affected programs that use AppKit to open Microsoft Word documents. Another problem, which also affected Appkit, meant that a user who opened a specially crafted rich text file could allow malicious code to run on their machine.

Apple also changed the way Bluetooth connections were handled, eliminating a bug in the System Profiler that causes it to display misleading information about whether or not a Bluetooth device requires authentication.

The Safari Web browser has also been updated, fixing a flaw that could allow arbitrary command execution by clicking on a link in a maliciously crafted rich text file, and a bug that could mean Safari sent data to the wrong Web sites.

For more detail on the security flaws, and to download the patches, visit the Apple Web site.