Mac OS X update delivers lone security fix

The Mac OS X and OS X Server updates from Apple affect versions 10.6 through 10.6.5, and is most notable for delivering the Mac App Store to owners of the desktop device. The highly promoted Mac App Store allows users to download applications to a Mac with greater ease, much as users of iTunes and iOS devices have enjoyed for some time.

The Mac OS update, however, was not without a security fix, as the new version – 10.6.6 – resolves a vulnerability affecting PackageKit, a facility used for software installation and updates.

The security update, said Apple, mitigates possible man-in-the-middle attacks, as outlined in the Apple security advisory:

“A format string issue exists in PackageKit's handling of distribution scripts. A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution when Software Update checks for new updates. This issue is addressed through improved validation of distribution scripts.”

Apple said this known vulnerability applies only to Mac OS X v10.6, and not previous versions.

What’s hot on Infosecurity Magazine?