Apple patches security issues in OS X Mavericks

By on
Apple patches security issues in OS X Mavericks

Low-level OS component vulnerabilities plugged.

Apple today issued a late update for the current version of its OS X operating system Mavericks that patches a large number of security issues.

The 48 security fixes included in the 10.9.5 update patch everything from PHP scripiting language to Bluetooth, the operating system graphics drivers, and several low-level OS X components that are currently vulnerable.

Many of the vulnerabilities listed can be exploited to execute malicious code with system privileges, Apple said in its advisory. Such vulnerabilities are commonly used in zero-day exploits.

Apple's CoreGraphics framework is presently vulnerable to weaponised PDF files that can cause crashes or be used to run malicious code, the security advisory noted.

Several vulnerabilities in OpenSSL are also fixed, along with an update for the OS X kernel to prevent bypassing of the address space layout randomisation. 

The Safari 7.0.6 web browser updates the WebKit engine to handle multiple memory corruption issues. These could be exploited if an attacker crafts a malicious website to either cause application crashes or the execution of arbitrary code.

Google's Project Zero bug hunter Ian Beer is credited with having found the majority of security issues listed in today's update.

The 275 megabyte 10.9.5 update for OS X Mavericks also contains fixes for VPN connections that use USB authentication smartcards and SMB file server access.

After the OS X 10.9.5 patches are installed, Software Update offers the new Safari 7.1 web browser. This update offers several new features such as encrypted Yahoo searches. Safari 7.1 also adds the DuckDuckGo anonymous search engine result that does not track its users, along with AutoFill and Reader improvements with more websites.

Enterprise customers get a fix for a problem that prevented administrators in large network groups from performing some tasks, and also a tweak that allows for faster authentication when roaming in 802.1x networks secured with Extensible Authentication Protocol - Transport Layer Security (EAP-TLS).

Apple is expected to release its substantially overhauled OS X 10.10 Yosemite operating system, currently in beta testing, next month.

Copyright © iTnews.com.au . All rights reserved.
Tags:
apple mac mavericks os x patch security software yosemite

Most Read Articles

NBN Co kills 100Mbps on fixed wireless

NBN Co kills 100Mbps on fixed wireless
Govt's high-risk IT project watchlist falls to 14

Govt's high-risk IT project watchlist falls to 14
Hackers infect 500,000 routers and storage devices

Hackers infect 500,000 routers and storage devices
Telstra's 4G network goes down again

Telstra's 4G network goes down again
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies
The Cost of Cloud Expertise report
The Cost of Cloud Expertise report
The business case for hyperconvergence
The business case for hyperconvergence
What Every CIO Should Know about DevOps & Container Guides by Puppet
What Every CIO Should Know about DevOps & Container Guides by Puppet
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators

Events

Most popular tech stories

Log In

Username / Email:
Password:
  |  Forgot your password?