By Joris Evers
Staff Writer, CNET News.com
November 28, 2006
Apple Computer on Tuesday released a security update for Mac OS X to
repair 31 vulnerabilities, including a zero-day Wi-Fi hijack flaw.
Apple's Security Update 2006-007 includes fixes for flaws in Apple's own
code as well as third-party components that ship with the Mac OS X
operating system, such as Perl, PHP and OpenSSL. Several of the
vulnerabilities could allow full system compromises, according to
Apple's security alert.
However, Apple's update does not address all publicly known flaws in the
operating system. Over the past few weeks bug hunters, as part of an
initiative called the Month of the Kernel Bugs, have published details
on several new vulnerabilities in Mac OS X. One of those was tagged
"highly critical" by security-monitoring company Secunia.
"Apple hasn't fixed any of the bugs published during the Month of Kernel
Bugs, except for the AirPort issue," said "LMH," the code name of the
security researcher who started the Month of the Kernel Bugs. "Apple
users are still exposed to any potential risks related to those
The security hole in the AirPort driver software affects Macs that
shipped with Apple's original AirPort card, Apple said. An attacker
nearby the computer could commandeer a vulnerable system by sending it a
malicious network packet, according to Apple's alert.
Other flaws addressed by the Apple update could let Macs be compromised
through malicious sites, rigged compressed files or malicious font
files, Apple said. The update also fixes four flaws in the Mac OS X
Security Framework, the worst of which could crash Macs or display
expired security certificates as still valid, Apple said.
The Security Update 2006-007 for Mac OS X client and server software is
available from the Software Update pane in Mac OS System Preferences, or
Apple's downloads Web site. Apple recommends Mac users install it.
Subscribe to InfoSec News