Salut,
Pour ceux que ça peut concerner: reçu aujourd'hui :
Serious flaws in Mac OS X and QuickTime
software could put Macintosh and Windows systems at risk of cyberattack,
Apple Computer has warned.
In a pair of security alerts released Thursday, Apple outlined 31
flaws that affect various versions of the operating system and a dozen
vulnerabilities in its QuickTime media player software. Security experts
have deemed the issues "critical," but Apple does not provide a
severity rating. Fixes are available.
The Mac OS X vulnerabilities lie in various components of the operating
system and affect both the server and client versions, Apple said in
a
security flaw that surfaced earlier this year. They fix an issue in
the "download validation" function, a feature designed to
protect Mac users from installing harmful code from a malicious Web site
or e-mail--a risk more familiar to Windows users.
Apple added the function in a
security
update released in early March. Two weeks later, it issued another
update to
fix some
problems with the feature. Thursday's fix tackles another issue: the
download validation may be bypassed if a file has a long name, Apple
said.
Critics have argued that the download validation function is not enough
to address the installation risk, and that Apple needs to correct the
problem at
a lower
level in the operating system.
The QuickTime flaws put both Mac OS X and Windows computers at risk of
compromise. All of the vulnerabilities exist because of errors in the way
the media player software handles certain files. Specially crafted files
in certain media formats--including JPEG, QuickTime, Flash, MPEG4 and
AVI--could allow an intruder to hijack a vulnerable system, Apple said in
