Apple patches 17 flaws in third May security bulletin

Apple on Thursday released 13 patches, fixing 17 vulnerabilities in Mac OS X. Among the patches is a fix for four flaws in BIND, the most serious of which can be exploited in a remote DoS attack, according to an advisory released yesterday by Apple.

The flaws exist in OS X versions 10.3.9 and 10.4.9 and OS X Server versions 10.3.9 and 10.4.9. Apple also patched a file vulnerability that can lead to arbitrary code execution or unexpected application termination when running commands on a malicious file.

An iChat flaw that can be exploited to cause a DoS attack or arbitrary code execution was fixed as well, according to Apple’s advisory. Also patched was a cryptographic weakness in fetchmail that could lead to the disclosure of passwords, according to Apple.

An Apple representative could not immediately be reached for comment today. The bulletins marked Apple’s third patch release of the month, following a May 10 release of fixes for two critical vulnerabilities in Darwin Streamer Server 5.5.4.