Apple patches 25 flaws

By

Apple released its fourth security update of the year on Thursday, patching 25 software flaws, including 14 that allow malicious code execution.

Apple patches 25 flaws
It is the tech giant’s first bulletin distribution since 13 March, when it fixed 30 vulnerabilities.

Among the patches released on Thursday were three for Kerberos administration, all of which could lead to unexpected application termination or arbitrary code execution with system privileges, according to Apple’s advisory.

Another buffer overflow vulnerability was patched in the AirPort Driver module, which an attacker can exploit by malformed control commands.

Apple also patched two bugs in libinfo, and three flaws in Login Window.

Landon Fuller, the hacker whose Month of Apple Bugs project gained widespread attention in January, took credit for a newly fixed bug in Quicktime RTSP URL Handling on his blog on Thursday.

The flaw is cause by a boundary error when handling RTSP URLs, which can be exploited to cause a stack-based buffer overflow.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?