Apple issues critical security patches for OS X, iOS

By

Includes fix for SSL data capture bug.

Several serious security holes are being plugged by Apple's latest security updates for its OS X and iOS operating systems, issued this morning.

Apple issues critical security patches for OS X, iOS

The SA-2014-04-22-1 patch for OS X fixes vulnerabilities that allow attackers to remotely execute code on victims' machines through malicious PDF documents and JPEG images, and also addresses weaknesses in the operating system kernel address space layout randomisation, which could be bypassed.

A fix for a vulnerability that allowed attackers to capture data or modify operations in Secure Sockets Layer (SSL) protected sessions is also included in the OS X patch.

This so-called triple handshake attack is also fixed in the SA-2014-04-22-2 patch for Apple's mobile iOS operating system, which receives a version bump to 7.1.1 with the update.

Several WebKit vulnerabilities that affect iPhone 4 and later devices, as well as iPod Touch generation 5 and iPad 2 and later are removed with the iOS 7 patch. These permitted attackers who create maliciously coded websites to exploit multiple memory corruption issues in WebKit to terminate applications or execute arbitrary code.

The iOS 7.1.1 update also contains improvements to the TouchID fingerprint sensor operation on the iPhone 5s, and bug fixes for the keyboard and Bluetooth wireless service.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down

WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices

Log In

  |  Forgot your password?