Apple patches security issues in OS X Mavericks

By on
Apple patches security issues in OS X Mavericks

Low-level OS component vulnerabilities plugged.

Apple today issued a late update for the current version of its OS X operating system Mavericks that patches a large number of security issues.

The 48 security fixes included in the 10.9.5 update patch everything from PHP scripiting language to Bluetooth, the operating system graphics drivers, and several low-level OS X components that are currently vulnerable.

Many of the vulnerabilities listed can be exploited to execute malicious code with system privileges, Apple said in its advisory. Such vulnerabilities are commonly used in zero-day exploits.

Apple's CoreGraphics framework is presently vulnerable to weaponised PDF files that can cause crashes or be used to run malicious code, the security advisory noted.

Several vulnerabilities in OpenSSL are also fixed, along with an update for the OS X kernel to prevent bypassing of the address space layout randomisation. 

The Safari 7.0.6 web browser updates the WebKit engine to handle multiple memory corruption issues. These could be exploited if an attacker crafts a malicious website to either cause application crashes or the execution of arbitrary code.

Google's Project Zero bug hunter Ian Beer is credited with having found the majority of security issues listed in today's update.

The 275 megabyte 10.9.5 update for OS X Mavericks also contains fixes for VPN connections that use USB authentication smartcards and SMB file server access.

After the OS X 10.9.5 patches are installed, Software Update offers the new Safari 7.1 web browser. This update offers several new features such as encrypted Yahoo searches. Safari 7.1 also adds the DuckDuckGo anonymous search engine result that does not track its users, along with AutoFill and Reader improvements with more websites.

Enterprise customers get a fix for a problem that prevented administrators in large network groups from performing some tasks, and also a tweak that allows for faster authentication when roaming in 802.1x networks secured with Extensible Authentication Protocol - Transport Layer Security (EAP-TLS).

Apple is expected to release its substantially overhauled OS X 10.10 Yosemite operating system, currently in beta testing, next month.

Copyright © iTnews.com.au . All rights reserved.
Tags:
apple mac mavericks os x patch security software yosemite

Most Read Articles

SA Dept Premier and Cabinet sacks CIO

SA Dept Premier and Cabinet sacks CIO
NBN Co finally reveals satellite users who will lose ADSL

NBN Co finally reveals satellite users who will lose ADSL
CBA set to cut 170 IT workers

CBA set to cut 170 IT workers
Optus fibre cable cut in Melbourne

Optus fibre cable cut in Melbourne
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
Solving IT complexity
Solving IT complexity
Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats

Events

Log In

Username:
Password:
|  Forgot your password?