Yeah you know what I mean. After Apple updated OS X 10.4.5 to OS X 10.4.6 which addressed critical security vulnerabilities, there are other possible vulnerabilities found in the updated OS X. A guy, by the name Tom Ferris, claims to have found the following vulnerabilities in the updated OS X.
- Apple OS X 10.4.5 .tiff “LZWDecodeVector ()” Heap Overflow
- Apple OS X BOM ArchiveHelper .zip Heap Overflow
- Apple OS X Safari 2.0.3 Multiple Vulnerabilities
- Apple OS X 10.4.6 “ReadBMP ()” .bmp Heap Overflow
- Apple OS X 10.4.6 “CFAllocatorAllocate ()” .gif Heap Overflow
- Apple OS X 10.4.6 .tiff “_cg_TIFFSetField ()” DoS
- Apple OS X 10.4.6 .tiff “PredictorVSetField ()” Heap Overflow
The first vulnerability was patched in OS X 10.4.6 however the other vulnerabilities are claimed to be unpatched in Apple OS X 10.4.6 but are already reported to Apple.
All of these have been reported to product-security@apple.com around the beginning of this year. From what I have been told, they “will be fixed in the next security release”.
You may follow the following link for the original article.
By the way, users who haven’t patched their OS X machines are advised to update to Apple OS X 10.4.6. You may visit Apple’s update page here.