Apple Computer has fixed a number of security holes in Mac OS X, some of which could allow remote attackers to take over a system.
One of the the most serious is a flaw in AFP Server's legacy client support that could be used to cause a buffer overflow and execute malicious code, Apple said in an advisory. Another bug could let attackers access any file on a Bluetooth-enabled system, using directory traversal attacks via the Bluetooth file and object exchange services.
The patch fixes insecure folder permissions for Dashboard system widgets, a feature introduced in Tiger that has been criticised by several security experts. A VPN fix addresses a flaw that could be exploited by local users to gain root privileges on VPN servers.
Another fix repairs a flaw in the the CoreGraphics Window Server that could be used by console users to gain escalated privileges. A bug in LaunchServices can allow file extensions and MIME types to bypass download security restrictions in some circumstances.
Besides such fixes, which mostly apply to newly disclosed flaws, the patch repairs previously known problems in PHP that could be used to crash or take over a system.
While the patch has been made available for both 10.3.9 and 10.4.1 systems, nearly all the bugs affect only systems running 10.4, Apple said - only the Bluetooth and PHP bugs are found in 10.3.9. The VPN problem, for example, was fixed for Jaguar systems in an earlier patch.
Update number 2005-006 is available from Apple's website or via OS X's automatic updating feature.