Search
Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Cisco Partner Summit Digital 2020 NetApp Digital Newsroom HPE Zone The Business Continuity Center Enterprise Tech Provider Masergy Zenith Partner Program Newsroom HP Reinvent Digital Newsroom Hitachi Vantara Digital Newsroom IBM Newsroom Juniper Newsroom Intel Partner Connect 2021 Avaya Newsroom Experiences That Matter The IoT Integrator Intel Tech Provider Zone NetApp Data Fabric WatchGuard Digital Newsroom

Apple Security Update Swats Critical Mac OS X Bugs

Apple's security update for Mac OS X closed dozens of critical flaws impacting home and business users.

The update covers nearly 60 vulnerabilities spanning a number of different components, and includes several that can be exploited to execute arbitrary code via drive-by attacks if a victim browses to a malicious or compromised Web site.

Some of the more critical bugs listed in the advisory touch on image and font rendering subsystems and in QuickTime media viewing, said Rich Baldry, senior product manager for Sophos' Web Protection and Mac products.

“All of these components are shared and could impact a number of applications including iTunes and Safari,” he wrote in a blog. “They allow downloaded content to inject code or crash your system.”

Those flaws include bugs in Apple Type Services (ATS) the company warned could be leveraged using documents laced with maliciously-crafted embedded fonts. Several flaws also exist in Apple’s ImageIO that could be exploited using malicious images, such as a buffer overflow in libTIFF’s handling of JPEG encoded TIFF images that could lead to an application crash or code execution.

Apple’s update also includes fixes for PHP, Apache, ClamAV and other components, as well as the latest version of Apple Safari. Also bundled in with the patches is a fix for a bug that Mac security expert Charlie Miller tweeted that he had on tap for the Pwn2Own hacking contest at the CanSecWest Applied Security Conference held earlier this month in Vancouver.

“It slaughters at least 4 I was sitting on including my OS X entry to pwn2own I didn't get to use," he tweeted Monday.

Aside from the security content, the update seems to focus on improving the App Store, Windows file sharing and the Back to My Mac remote connectivity system, blogged Baldry.

“If you have recently bought one of the latest MacBook Pro models there's an additional update that fixes image rendering bugs that can cause display freezing and flickering,” he wrote. “Make sure you apply the update as soon as possible,” he added.

Back to Top

related stories

Video

     

    trending stories

    sponsored resources