Apple fixes 72 OS X holes

Issues security fixes for desktop, server and mobile operating systems.

Apple on Wednesday issued much-anticipated updates for its Mac OS X and iOS mobile operating system, adding support for its new iCloud service and fixing a bevy of security flaws in the process.

The new mobile operating system, iOS 5, contained approximately 98 security fixes, according to Apple's release notes.

A number of those fixes addressed “noteworthy” issues, including flaws that caused users' Apple ID passwords to be logged in a plain text file that could be read by applications, according to Sophos' senior technology consultant Graham Cluley.

Additionally, the update removed DigiNotar from the list of trusted root certificates. The Dutch-based certificate authority has recently gone bankrupt, after issuing hundreds of counterfeit SSL certificates.

On the desktop and server side, the Mac OS X Lion (10.7) and Snow Leopard (10.6) platforms received updates.

Those updates addressed approximately 72 security holes, which could lead to arbitrary code execution, denial of service or privilege escalation, according to Apple's release notes.

They also fixed various flaws uncovered in September that could have allowed an attacker to easily obtain users' encrypted passwords, and even change such credentials without authorisation.

The iOS update killed off the Gevey SIM flaw that allowed users to unlock devices from carrier networks.

Users, meanwhile, must install the updates to take advantage of iCloud, Apple's new service, which allows users to avoid locally storing music, photos, apps, calendars and documents.

High demand for the new iOS and OS X versions has placed a strain on Apple's servers, causing some users to experience long download times and strange error messages during the install process, according to reports.

Consequently, users may want to hold off updating for a day or two, Cluley recommended.

“I'd much rather wait until the teething problems have been sorted out, and then consider whether the new features built into Apple's operating system are what I'm after,” Cluley wrote.

The security upgrades don't end there. Apple on Thursday also released an update to its Safari web browser for users of Windows, Lion and Snow Leopard.

The new version, Safari 5.1.1, shores up approximately 70 vulnerabilities. The Safari update is bundled with the Mac OS X Lion 10.7.2 upgrade and is available for a separate download for Snow Leopard users.

The total number of security problems fixed this week in its various products is “certainly a record for Apple,” researchers at Mac security firm Intego, said in a blog post Wednesday.

This article originally appeared at scmagazineus.com