Unpatched Mac OS X/Safari Security Flaws (Updated)

CNet News.com reports on recent unpatched security vulnerabilities in Apple's Mac OS X and Safari web browser. The vulnerabilities, the most severe of which could let a would-be attacker run malicious code on a user's Mac, are under investigation by Apple.

Reported security vulnerabilities, even unpatched ones, are nothing new. What may be of interest, however, is that five of the flaws identified were associated with the way OS X handles image data. Image handling appears to be a recurring security issue for Apple, as 10.4.6 recently patched an issue where a malformed .tiff image file could crash applications like Preview, Finder, QuickTime, and Safari.

Update: Many users have pointed out a new CNN article describing the state of Macintosh security. Despite its high profile, the article offers little new information and simply discusses the above information and the Leap.A virus which was released earlier this year (via MacForums).

One note of interest is that apparently the above security vulnerabilities were first reported to Apple by Tom Ferris in January and Febuary of this year.

Ferris said he warned Apple of the vulnerabilities in January and February and that the company has yet to patch the holes, prompting him to compare the Cupertino-based computer maker to Microsoft three years ago, when the world's largest software company was criticized for being slow to respond to weaknesses in its products.

"They didn't know how to deal with security, and I think Apple is in the same situation now," said Ferris, himself a Mac user.