Apple patches security issues in OS X Mavericks

By on
Apple patches security issues in OS X Mavericks

Low-level OS component vulnerabilities plugged.

Apple today issued a late update for the current version of its OS X operating system Mavericks that patches a large number of security issues.

The 48 security fixes included in the 10.9.5 update patch everything from PHP scripiting language to Bluetooth, the operating system graphics drivers, and several low-level OS X components that are currently vulnerable.

Many of the vulnerabilities listed can be exploited to execute malicious code with system privileges, Apple said in its advisory. Such vulnerabilities are commonly used in zero-day exploits.

Apple's CoreGraphics framework is presently vulnerable to weaponised PDF files that can cause crashes or be used to run malicious code, the security advisory noted.

Several vulnerabilities in OpenSSL are also fixed, along with an update for the OS X kernel to prevent bypassing of the address space layout randomisation. 

The Safari 7.0.6 web browser updates the WebKit engine to handle multiple memory corruption issues. These could be exploited if an attacker crafts a malicious website to either cause application crashes or the execution of arbitrary code.

Google's Project Zero bug hunter Ian Beer is credited with having found the majority of security issues listed in today's update.

The 275 megabyte 10.9.5 update for OS X Mavericks also contains fixes for VPN connections that use USB authentication smartcards and SMB file server access.

After the OS X 10.9.5 patches are installed, Software Update offers the new Safari 7.1 web browser. This update offers several new features such as encrypted Yahoo searches. Safari 7.1 also adds the DuckDuckGo anonymous search engine result that does not track its users, along with AutoFill and Reader improvements with more websites.

Enterprise customers get a fix for a problem that prevented administrators in large network groups from performing some tasks, and also a tweak that allows for faster authentication when roaming in 802.1x networks secured with Extensible Authentication Protocol - Transport Layer Security (EAP-TLS).

Apple is expected to release its substantially overhauled OS X 10.10 Yosemite operating system, currently in beta testing, next month.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
applemacmavericksos xpatchsecuritysoftwareyosemite

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

Most Read Articles

NSW digital driver's licences 'easily forgeable'

NSW digital driver's licences 'easily forgeable'
Kmart Australia re-platforms ecommerce site to AWS

Kmart Australia re-platforms ecommerce site to AWS
NBN Co's 250Mbps and gigabit growth is finally clear

NBN Co's 250Mbps and gigabit growth is finally clear
Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform

Digital Nation

Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer

Log In

  |  Forgot your password?