Apple on Monday
released Mac 0S x 10.5.4, which includes patches for 25 security holes, many of which could be exploited to execute arbitrary code.
The flaws -- rated "highly critical" by tracking firm Secunia -- are spread out across a number of operating system components: Alias Manager, Core Types, C++filt, Dock, Launch Services, Net-SNMP, Ruby, SMB File Server, System Configuration, Tomcat, VPN and WebKit.
The largest number of holes -- nine -- reside in Tomcat, an application server that that executes Java programs used to create dynamic web pages.
Additionally, the update fixed six flaws in the open-source Ruby programming language.
Apple additionally plugged a memory corruption vulnerability relating to the handling of JavaScript in Safari 3.
Apple apparently did not fix a vulnerability in its ARDAgent (Apple Remote Desktop) that allows programs to run as root due to an error in the processing of AppleScripts, a Mac programming language. The hole gave rise to an alleged in-the-wild trojan.
See original article on scmagazineus.com