Apple patches security issues in OS X Mavericks

By on
Apple patches security issues in OS X Mavericks

Low-level OS component vulnerabilities plugged.

Apple today issued a late update for the current version of its OS X operating system Mavericks that patches a large number of security issues.

The 48 security fixes included in the 10.9.5 update patch everything from PHP scripiting language to Bluetooth, the operating system graphics drivers, and several low-level OS X components that are currently vulnerable.

Many of the vulnerabilities listed can be exploited to execute malicious code with system privileges, Apple said in its advisory. Such vulnerabilities are commonly used in zero-day exploits.

Apple's CoreGraphics framework is presently vulnerable to weaponised PDF files that can cause crashes or be used to run malicious code, the security advisory noted.

Several vulnerabilities in OpenSSL are also fixed, along with an update for the OS X kernel to prevent bypassing of the address space layout randomisation. 

The Safari 7.0.6 web browser updates the WebKit engine to handle multiple memory corruption issues. These could be exploited if an attacker crafts a malicious website to either cause application crashes or the execution of arbitrary code.

Google's Project Zero bug hunter Ian Beer is credited with having found the majority of security issues listed in today's update.

The 275 megabyte 10.9.5 update for OS X Mavericks also contains fixes for VPN connections that use USB authentication smartcards and SMB file server access.

After the OS X 10.9.5 patches are installed, Software Update offers the new Safari 7.1 web browser. This update offers several new features such as encrypted Yahoo searches. Safari 7.1 also adds the DuckDuckGo anonymous search engine result that does not track its users, along with AutoFill and Reader improvements with more websites.

Enterprise customers get a fix for a problem that prevented administrators in large network groups from performing some tasks, and also a tweak that allows for faster authentication when roaming in 802.1x networks secured with Extensible Authentication Protocol - Transport Layer Security (EAP-TLS).

Apple is expected to release its substantially overhauled OS X 10.10 Yosemite operating system, currently in beta testing, next month.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
apple mac mavericks os x patch security software yosemite

Most Read Articles

The CIO movements that made headlines in 2018

The CIO movements that made headlines in 2018
NBN Co makes move to sell more 100Mbps-plus services

NBN Co makes move to sell more 100Mbps-plus services
Atlassian admits it did Kubernetes 'the hard way'

Atlassian admits it did Kubernetes 'the hard way'
Defence finally reveals new providers for mammoth IT support deal

Defence finally reveals new providers for mammoth IT support deal
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Automate and secure IOT for Business
Automate and secure IOT for Business
Data Science and AI Solutions for Cybersecurity
Data Science and AI Solutions for Cybersecurity
Intro to AI for Security Professionals
Intro to AI for Security Professionals
Digital Transformation: Hope, or Hype?
Digital Transformation: Hope, or Hype?
How to choose a trusted IT provider
How to choose a trusted IT provider

Events

Log In

Username / Email:
Password:
  |  Forgot your password?