Apple Computer Inc. has released an update for its Mac OS X 10.4 operating system that fixes two security flaws, including one that potentially opened the platform up to a denial-of-service attack.

Mac OS X Update 10.4.2 addresses an issue with the operating system’s TCP/IP stack, which allowed a specially formed TCP/IP packet to cause a kernel panic, requiring the system to be rebooted. Apple notes that systems with many forms of TCP/IP filtering would be unaffected by the issue, which only affects Mac OS X 10.4 Tiger and Mac OS X Server 10.4.

The update also fixes a potential issue with Dashboard, in which third-party Widgets were allowed to replace Apple-supplied ones that are shipped with OS X 10.4. This could have meant that users were not aware that they were running third-party code, which, in turn, could have led to users trusting behaviour from the Widget that they would not otherwise accept. The update alerts users if a download is replacing an Apple-supplied Widget.

Source: eWeek