Apple Issues Security, App Patches
Apple late Thursday issued its third security update of the year, along with updates to its Front Row and QuickTime applications. The security patch fixes flaws in 16 of the operating system's components, including Finder, Mail, Preview and Safari.
A vulnerability within Finder was patched to prevent arbitrary code execution from the use of an Internet location item, such as "http://". A stack buffer-overflow issue in Preview was patched, which could trigger code execution through a maliciously crafted directory structure.
In Mail, two issues were remedied, including a flaw where specially crafted e-mails with MacMIME encapsulated attachments could lead to code execution. Also, another code execution issue with the handling of invalid color information when viewing malicious e-mails was repaired.
An issue in the way Safari handles symbolic links that could open a system to file manipulation or code execution was fixed. According to Apple, this issue only affects systems running Mac OS X 10.4 or later.
In addition to the various component updates, a Flash Player update was also included to fix code execution issues with that program.
Other updates included QuickTime 7.1, which has bug fixes and security patches. Front Row 1.2.2 was also released, which makes the application more reliable when playing back multimedia through the application.
All updates are now available through Apple's Software Update application within Mac OS X.