Apple Releases Major OS X Security Update

In an advisory, Apple noted that three of the fixes addressed vulnerabilities reported during the Month Of Apple Bugs, including format string vulnerabilities in the Installer and Help Viewer applications and a system configuration flaw in the writeconfig utility that could open the door to malicious code execution.

Apple also fixed a buffer overflow vulnerability in the AirPortDriver module, which handles control commands for the Cupertino, Calif.-based vendor's AirPort wireless LAN product.

The flaw, which affects eMac, iBook, iMac, PowerBook G3, PowerBook G4 and Power Mac G4 systems equipped with an original AirPort card, could also enable an attacker to execute malicious code on an affected system, Apple said in the advisory.

Another fix addressed a buffer overflow in the VideoConference framework in OS X Server, which could be triggered by an attacker by sending a rigged SIP packet during the initialization phases of an audio/video conference. Apple said it has implemented additional validation for SIP packets to address the issue.

Apple also addressed several security issues stemming from vulnerabilities in the MIT Kerberos administration daemon (kadmind), the most severe of which could lead to application crashes or malicious code execution.