Apple patches 25 flaws

Apple released its fourth security update of the year on Thursday, patching 25 software flaws, including 14 that allow malicious code execution.

It is the tech giant’s first bulletin distribution since 13 March, when it fixed 30 vulnerabilities.

Among the patches released on Thursday were three for Kerberos administration, all of which could lead to unexpected application termination or arbitrary code execution with system privileges, according to Apple’s advisory.

Another buffer overflow vulnerability was patched in the AirPort Driver module, which an attacker can exploit with malformed control commands.

Apple also patched two bugs in libinfo, and three flaws in Login Window.

Landon Fuller, the hacker whose Month of Apple Bugs project gained widespread attention in January, took credit for a newly fixed bug in QuickTime RTSP URL handling on his blog on Thursday.

The flaw is caused by a boundary error when handling RTSP URLs, which can be exploited to cause a stack-based buffer overflow.
