Apple issues critical security patches for OS X, iOS

Several serious security holes are being plugged by Apple's latest security updates for its OS X and iOS operating systems, issued this morning.

The SA-2014-04-22-1 patch for OS X fixes vulnerabilities that allow attackers to remotely execute code on victims' machines through malicious PDF documents and JPEG images, and also addresses weaknesses in the operating system kernel address space layout randomisation, which could be bypassed.

A fix for a vulnerability that allowed attackers to capture data or modify operations in Secure Sockets Layer (SSL) protected sessions is also included in the OS X patch.

This so-called triple handshake attack is also fixed in the SA-2014-04-22-2 patch for Apple's mobile iOS operating system, which receives a version bump to 7.1.1 with the update.

Several WebKit vulnerabilities that affect iPhone 4 and later devices, as well as iPod Touch generation 5 and iPad 2 and later are removed with the iOS 7 patch. These permitted attackers who create maliciously coded websites to exploit multiple memory corruption issues in WebKit to terminate applications or execute arbitrary code.

The iOS 7.1.1 update also contains improvements to the TouchID fingerprint sensor operation on the iPhone 5s, and bug fixes for the keyboard and Bluetooth wireless service.