Apple Computer Inc.
said in a statement given to MacCentral on Friday that the company would be fixing
security flaws uncovered in Mac OS X Jaguar
by Cambridge, MA-based security research firm @Stake earlier this week.
speculated that Apple would not update
the older Jaguar operating system since the release of Mac OS X Panther on October 24, 2003, but Apple has put that speculation to rest.
“Apple’s policy is to quickly address significant vulnerabilities in past releases of Mac OS X wherever feasible,” Apple said in a statement given to MacCentral. “The shipment of Panther does not change this policy. Apple has an excellent track record of working with CERT and the open source community to proactively identify and correct potential vulnerabilities.”
Panther, Apple’s latest operating system, was not affected by the security issues outlined by @Stake — the flaws only affect Mac OS X 10.2.8 and lower.
The three advisories are Long argv Buffer Overflow; Systemic Insecure File Permissions; and Arbitrary File Overwrite via Core Files. @Stake lists the severity of the advisories as being “high.”
More information on each of the reported security issues
are available in our earlier coverage.