Apple has released an update to address a trio of security flaws in its OS X desktop platform.
The company said that the update will address vulnerabilities, which,
if exploited, could allow an attacker to remotely execute code on a
targeted OS X system or server. The company did not report any active
attacks on the flaws in the wild.
The first of the three flaws lies within
the handling of Sorenson movie files. If a user were to open a specially
crafted movie, an attacker could cause a crash and would be able to
remotely execute code on the targeted system.
The second vulnerability is a remote code
execution flaw in the way OS X handles H.264 movie files. Like the
Sorenson flaw, the H.264 vulnerability could be launched from a
specially crafted movie file and, when executed, would allow for a
remote malware infection.
The third fix addresses a buffer overflow in the handling of mvhd data and would prevent similar attacks using movie files.
Apple is advising all users running OS X
Snow Leopard and later, including OS X Mountain Lion and Lion Server
users, to update their systems in order to guard against any possible
attacks that would target the flaws.
The patch comes ahead of Apple's planned release of the next version of OS X. Dubbed Mavericks, the update will bring optimisations to improve performance and enhance the battery life of notebook computers.
No comments:
Post a Comment