Apple this week posted security updates to fix 19 security vulnerabilities in its Mac OS X operating system. Both client and server versions of a widely used version of its software - Mac OS X v10.3.9 - need patching.

The mega patch (a service pack in all but name) covers a variety of security problems some of which create a means for hackers to remotely commandeer vulnerable systems. The update fixes flaws ranging from the way the OS handles TIFF image files to security controls over how files are passed using Bluetooth short-range wireless technology. Meanwhile a security bug in Apple's LDAP implementation means that under certain circumstances passwords might be stored in plain text. The patch roll-up also resolves a number of privilege escalation and spoofing vulnerabilities.

Security firm Secunia collectively rates [1] the fixes as "highly critical". Apple has posted an explanation of the bugs here [2]. The patches can be downloaded from Apple's website but for most users these will have already been automatically applied after they were issued on Tuesday, 3 May. ®

Related stories

Apple issues nine bug fixes... [3]
Apple patches 'highly critical' iTunes bug [4]
SANS revises Top 20 security vulns list [5]
Apple's Big Virus [6]
Apple posts Mac OS X 10.3.9 [7]

Links

1. http://secunia.com/advisories/15227
2. http://docs.info.apple.com/article.html?artnum=301528
3. http://www.theregister.co.uk/2005/03/23/apple_osx_bug_fix/
4. http://www.theregister.co.uk/2005/01/14/itunes_security_flap/
5. http://www.theregister.co.uk/2005/05/03/sans_top_20/
6. http://www.theregister.co.uk/2005/04/21/apples_big_virus/
7. http://www.theregister.co.uk/2005/04/18/apple_osx_10-3-9/