Apple patches 25 flaws

By

Apple released its fourth security update of the year on Thursday, patching 25 software flaws, including 14 that allow malicious code execution.

Apple patches 25 flaws
It is the tech giant’s first bulletin distribution since 13 March, when it fixed 30 vulnerabilities.

Among the patches released on Thursday were three for Kerberos administration, all of which could lead to unexpected application termination or arbitrary code execution with system privileges, according to Apple’s advisory.

Another buffer overflow vulnerability was patched in the AirPort Driver module, which an attacker can exploit by malformed control commands.

Apple also patched two bugs in libinfo, and three flaws in Login Window.

Landon Fuller, the hacker whose Month of Apple Bugs project gained widespread attention in January, took credit for a newly fixed bug in Quicktime RTSP URL Handling on his blog on Thursday.

The flaw is cause by a boundary error when handling RTSP URLs, which can be exploited to cause a stack-based buffer overflow.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:
appleflawspatchessecurity

Sponsored Whitepapers

Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?