Apple issues critical security patches for OS X, iOS

By

Includes fix for SSL data capture bug.

Several serious security holes are being plugged by Apple's latest security updates for its OS X and iOS operating systems, issued this morning.

Apple issues critical security patches for OS X, iOS

The SA-2014-04-22-1 patch for OS X fixes vulnerabilities that allow attackers to remotely execute code on victims' machines through malicious PDF documents and JPEG images, and also addresses weaknesses in the operating system kernel address space layout randomisation, which could be bypassed.

A fix for a vulnerability that allowed attackers to capture data or modify operations in Secure Sockets Layer (SSL) protected sessions is also included in the OS X patch.

This so-called triple handshake attack is also fixed in the SA-2014-04-22-2 patch for Apple's mobile iOS operating system, which receives a version bump to 7.1.1 with the update.

Several WebKit vulnerabilities that affect iPhone 4 and later devices, as well as iPod Touch generation 5 and iPad 2 and later are removed with the iOS 7 patch. These permitted attackers who create maliciously coded websites to exploit multiple memory corruption issues in WebKit to terminate applications or execute arbitrary code.

The iOS 7.1.1 update also contains improvements to the TouchID fingerprint sensor operation on the iPhone 5s, and bug fixes for the keyboard and Bluetooth wireless service.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy

Log In

  |  Forgot your password?