Apple rolls out 17 patches via security update

2007 isn't looking like a good year for Mac zealots who love to crow about how secure their platform of choice is: Apple just rolled out a security update last night, its fifth this year, containing patches for 17 potentially serious OS X bugs. That brings the grand total of OS X patches for 2007 up to a whopping 109. Among the fixes is a patch for a CoreGraphics bug that could allow a hacker to launch code execution attacks via a rigged PDF file. "By enticing a user to open a maliciously crafted PDF file, an attacker could trigger [a buffer] overflow which may lead to an unexpected application termination or arbitrary code execution," the company warned in a security advisory. Another serious buffer overflow flaw was found in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings in iChat. "By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution," Apple said.

For more on the patches:
- see this Security Advisory from Apple
- and this article from ZDnet