Apple fixes 45 flaws on its own version of Patch Tuesday

By

Apple made up for Microsoft's rare patch skip Tuesday when the computing giant itself released fixes for 45 vulnerabilities in the Mac OS X.


Nine of the mended flaws were publicised in January’s " Month of Apple Bugs" project, while seven of the sealed holes were brought to light in November’s " Month of Kernel Bugs" venture, according to an Apple advisory.

Tuesday’s update – which can be downloaded from Apple’s website or through the company’s software update feature – covers a number of flaws in Mac OS X components and third-party software.

The update includes an eight-vulnerability fix for problems related to the processing of disk images, which could lead to an unexpected system crash or arbitrary code execution.

The security upgrade also addressed seven flaws in MySQL open-source database software and five vulnerabilities in OpenSSH, a free tools suite that encrypts network traffic. The most serious exploit within either application could lead to arbitrary code execution.

Apple, in a separate update, also patched a hole in its iPhoto software application.

"I think it's kind of unprecedented for Apple to do such a large release at once," Andrew Storms, director of security operations at nCircle, told SCMagazine.com.

"They had some pressure to get stuff out. Obviously we're seeing somewhat of a fallout from the 'Month of Apple Bugs.'"

Tuesday’s major patch release – which came out on the day Microsoft normally issues monthly security fixes – marked Apple’s seventh security update of the year and its third major one. Compared to this time last year, the Cupertino, Calif.-based computing giant had only issued five such updates, two of which were major.

Because Apple is not widely deployed on an enterprise level, administrators who was must deal with Tuesday's update will be doing "a lot of manual patching and [sending] a lot of emails to users [telling them] to update this stuff."

Apple is trying to take market share from Microsoft, aided by an aggressive advertising campaign painting Windows as less secure and unhip. But that approach may attract more hackers to find holes, experts said.

"Why not go after the operating system that's touting security?" Storms said.

A new Mac OS X, named Leopard, is due out this spring.

An Apple spokeswoman did not return telephone calls seeking comment.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
applefixesflawsitsofonownpatchsecuritytuesdayversion

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?