Security alerts aggregator Secunia Inc. rates the latest patch as "highly critical" and warned that malicious hackers could bypass security settings to launch cross-site scripting, system disclosure, privilege escalation and system access attacks.
According the Apple, one of the most serious of the flaws could allow a buffer overflow in ImageIO using a specially crafted GIF (Graphics Interchange Format) files, resulting in the execution of arbitrary code. Another flaw, which exists in the Safari browser, is an issue where maliciously crafted Web archives could allow cross-site scripting.
"It is possible to view web archives served from remote sites in Safari," Apple explained. "Maliciously crafted web archives may be rendered as content from sites that did not serve them. This update prevents remote Web archives from being loaded."
Users of the operating system can download and install the security update via the operating system's "Software Update" preferences.
Downloads and Drivers
From the Forums
Subscribe to TechSpot
Get free exclusive content, learn about new features and breaking tech news.