Apple plugs holes in Tiger

An update for Mac OS X Tiger 10.4.8 has been released: Apple's seventh update for its operating system this year.

Patches for security holes in its AirPort driver software, and problems in the Mac OS X Security Framework are included in Apple's Security Update 2006-007 .

The update includes 18 patches for security problems in Mac OS X Tiger, as well as four updates for other products.

However, Apple's update does not address all publicly known flaws in the operating system. Over the past few weeks an initiative called the Month of the Kernel Bugs (MKB) has published details of several new vulnerabilities in Mac OS X. One of those was tagged 'highly critical' by security-monitoring company Secunia .

The security researcher who started the MKB initiative stated: "Apple hasn't fixed any of the bugs published during the Month of Kernel Bugs, except for the AirPort issue. Apple users are still exposed to any potential risks related to those unpatched issues."

AirPort affected

The security hole in the AirPort driver software affects eMac, iBook, iMac, PowerBook G3, PowerBook G4, and Power Mac G4 systems that shipped with Apple's original AirPort card. An attacker close to the computer could commandeer a vulnerable system by sending it a malicious network packet, according to Apple .

The update also includes four patches for flaws in the Mac OS X Security Framework, the worst of which could crash Macs or display expired security certificates as still valid, Apple said.

As well as these patches, the update also deals with a number of problems in third-party applications such as Apple Type Services, ClamAV, PHP, Perl, Samba, Gnuzip, OpenSSL, and Installer.

As per usual, Apple is not revealing any detailed information about the security holes that have now been patched.

All the mentioned updates can be found via the automatic software update function in Mac OS X, or from Apple's website. Apple recommends Mac users install it. Anna Lagerkvist