Massive Security Update Released for Mac OS X


Recommended Posts

Massive Security Update Released for Mac OS X

March 22nd, 2011, 14:55 GMT| By Lucian Constanti

Apple has released the first major security update for Max OS X in 2011, patching crtical vulnerabilities in various components and bundled software.

The new Security Update 2011-001 is available for Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6 and Mac OS X Server v10.6 through v10.6.6.

In total, there were 54 vulnerabilities patched, including one reported by Charlie Miller and Dion Blazakis, the team that hacked the iPhone 4 at Pwn2Own. It's not clear if this is the same vulnerability they exploited for the iPhone hack, because it was supposed to affect MobileSafari, while this one is located in QuickLook and deals with the handling of Microsoft Office files.

A privilege escalation vulnerability was identified and addressed in the Mac OS X kernel, while five arbitrary code execution ones exploitable through malformed images were fixed in the ImageIO component.

Four more critical flaws related to font parsing were patched in ATS and an information disclosure bug got fixed in HFS (Hierarchical File System).

The update also adds a definition for a piece malware called OSX.OpinionSpy to the File Quarantine component.

Third-party software patched by this update includes Apache, ClamAV, Mailman, PHP, Ruby, Samba, Subversion and various libraries. Five QuickTime vulnerabilities, some of which can be exploited over the Web, are also covered. The 2011-001 security update was released at the same time as Mac OS X v10.6.7, a new version of the operating system which includes all of these fixes and many other non-security related enhancements.

In order to remain protected users are strongly encouraged to either install the stand-alone security update or upgrade to Mac OS X v10.6.7, although it's worth pointing out that some people have experienced problems after installing the new OS version.

http://news.softpedia.com/news/Massive-Security-Update-Released-for-Mac-OS-X-190924.shtml

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...