Apple fixes 45 flaws on its own version of Patch Tuesday

By

Apple made up for Microsoft's rare patch skip Tuesday when the computing giant itself released fixes for 45 vulnerabilities in the Mac OS X.


Nine of the mended flaws were publicised in January’s " Month of Apple Bugs" project, while seven of the sealed holes were brought to light in November’s " Month of Kernel Bugs" venture, according to an Apple advisory.

Tuesday’s update – which can be downloaded from Apple’s website or through the company’s software update feature – covers a number of flaws in Mac OS X components and third-party software.

The update includes an eight-vulnerability fix for problems related to the processing of disk images, which could lead to an unexpected system crash or arbitrary code execution.

The security upgrade also addressed seven flaws in MySQL open-source database software and five vulnerabilities in OpenSSH, a free tools suite that encrypts network traffic. The most serious exploit within either application could lead to arbitrary code execution.

Apple, in a separate update, also patched a hole in its iPhoto software application.

"I think it's kind of unprecedented for Apple to do such a large release at once," Andrew Storms, director of security operations at nCircle, told SCMagazine.com.

"They had some pressure to get stuff out. Obviously we're seeing somewhat of a fallout from the 'Month of Apple Bugs.'"

Tuesday’s major patch release – which came out on the day Microsoft normally issues monthly security fixes – marked Apple’s seventh security update of the year and its third major one. Compared to this time last year, the Cupertino, Calif.-based computing giant had only issued five such updates, two of which were major.

Because Apple is not widely deployed on an enterprise level, administrators who was must deal with Tuesday's update will be doing "a lot of manual patching and [sending] a lot of emails to users [telling them] to update this stuff."

Apple is trying to take market share from Microsoft, aided by an aggressive advertising campaign painting Windows as less secure and unhip. But that approach may attract more hackers to find holes, experts said.

"Why not go after the operating system that's touting security?" Storms said.

A new Mac OS X, named Leopard, is due out this spring.

An Apple spokeswoman did not return telephone calls seeking comment.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?