Apple released nine software updates yesterday that address concerns raised during two security researchers' self-proclaimed 'Month of Apple Bugs' and fix holes in Final Cut Pro. The fixes are available now via Mac OS X's built-in Software Update utility. They also deal with new US Daylight Saving Times rules.
'Month of Apple bugs' fixes
Three of the updates address bugs found by security researcher Kevin Finisterre and hacker 'LMH' during their month-long event aimed at exposing security flaws in Apple products and products that run on Apple systems.
On systems running Tiger, the update addresses a bug in which "a maliciously crafted disk image may lead to an application crash or arbitrary code execution", according to Apple's published release notes. Apple credits Finisterre for reporting the bug, which was posted on the Month of Apple Bugs site as 'Apple Finder DMG Volume Name Memory Corruption' on 9 January.
On systems running Tiger or Panther, the update addresses a Bonjour bug in which "attackers on the local network may be able to cause iChat to crash", according to Apple. This bug was listed on Month of Apple Bugs as 'Apple iChat Bonjour Multiple Denial of Service Vulnerabilities' on 28 January.
On systems running Tiger or Panther, the update addresses a vulnerability in iChat's AIM URL handler that "may lead to an application crash or arbitrary code execution", according to Apple. The bug was announced on Month of Apple Bugs as 'Apple iChat aim:// URL Handler Format String Vulnerability' on 20 January.
Finally, on systems running Tiger or Panther, the update addresses a vulnerability in the UserNotificationCenter process that could potentially grant system privileges to malicious users. This bug was announced on Month of Apple Bugs as 'Apple UserNotificationCenter Privilege Escalation Vulnerability' on 22 January.
Final Cut Pro 5.1.3
On Thursday Apple also updated Final Cut Pro to version 5.1.3, an update which "provides important bug fixes", according to Apple. According to Apple's Final Cut Pro documentation, the update includes fixes to provide compatibility of render files between PowerPC- and Intel-based Macs, returns missing keyboard commands to the default keyboard layout, and fixes a bug involving cross dissolves in a nested sequence containing still images.