Apple patches Adobe flaw

Sophos reminds businesses of the importance of updating computers with the latest security patches, as Apple releases an update to its Mac OS X Leopard operating system.

According to Apple, the Mac OS X 10.5.3 update includes a number of fixes that enhance the stability, compatibility and security of Mac computers, and recommends that users of Mac OS X Leopard install it at their earliest convenience.

"Included in the update are a series of security fixes designed to prevent hackers from taking advantage of vulnerabilities in Apple's software and open source packages that the company provides in its Mac OS X operating system," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.

Security fixes included in the update include patches to prevent hackers running malicious code on vulnerable computers through specially crafted movie files and Flash Web-based content.

Apple's Web site confirms that upgrading to Mac OS X 10.5.3 also updates Adobe Flash to version 9.0.124.0 - avoiding malware seen exploiting a vulnerability in earlier versions.

"Even if you have been keeping up-to-date with the latest patches on your Apple Mac, this update to Mac OS X 10.5.3 can still mean an eye-watering 420MB download per computer," Myroff says. "However, businesses and home users would be wise to upgrade their Mac systems to avoid leaving themselves open to potential hack attacks in the future."

Low to medium prevalence Trojan horses causing some concern for Windows users include the Troj/Agent-HBD Trojan which installs itself in the registry, explains Myroff.

Troj/PSW-FF, another Trojan affecting the Windows platform, also installs itself in the registry, he says, and the Troj/Zlob-AKX Trojan has also been noted.

"The W32/MarioF-Gen and W32/Sorbat-A worms are also currently affecting Windows users," explains Myroff. "W32/MarioF-Gen copies itself to network shares that are protected by weak passwords. After copying to a network share, W32/MarioF-Gen creates the SCNa service with the display name 'SCNa Service' on the remote computer."

While Windows users are still largely the target of malware writers, Apple Mac users can obtain more detailed information on the various security fixes included in the Mac OS X 10.5.3 update from the Apple Web site, Myroff adds.