Apple patches security issues in OS X Mavericks

By on
Apple patches security issues in OS X Mavericks

Low-level OS component vulnerabilities plugged.

Apple today issued a late update for the current version of its OS X operating system Mavericks that patches a large number of security issues.

The 48 security fixes included in the 10.9.5 update patch everything from PHP scripiting language to Bluetooth, the operating system graphics drivers, and several low-level OS X components that are currently vulnerable.

Many of the vulnerabilities listed can be exploited to execute malicious code with system privileges, Apple said in its advisory. Such vulnerabilities are commonly used in zero-day exploits.

Apple's CoreGraphics framework is presently vulnerable to weaponised PDF files that can cause crashes or be used to run malicious code, the security advisory noted.

Several vulnerabilities in OpenSSL are also fixed, along with an update for the OS X kernel to prevent bypassing of the address space layout randomisation. 

The Safari 7.0.6 web browser updates the WebKit engine to handle multiple memory corruption issues. These could be exploited if an attacker crafts a malicious website to either cause application crashes or the execution of arbitrary code.

Google's Project Zero bug hunter Ian Beer is credited with having found the majority of security issues listed in today's update.

The 275 megabyte 10.9.5 update for OS X Mavericks also contains fixes for VPN connections that use USB authentication smartcards and SMB file server access.

After the OS X 10.9.5 patches are installed, Software Update offers the new Safari 7.1 web browser. This update offers several new features such as encrypted Yahoo searches. Safari 7.1 also adds the DuckDuckGo anonymous search engine result that does not track its users, along with AutoFill and Reader improvements with more websites.

Enterprise customers get a fix for a problem that prevented administrators in large network groups from performing some tasks, and also a tweak that allows for faster authentication when roaming in 802.1x networks secured with Extensible Authentication Protocol - Transport Layer Security (EAP-TLS).

Apple is expected to release its substantially overhauled OS X 10.10 Yosemite operating system, currently in beta testing, next month.

Copyright © iTnews.com.au . All rights reserved.
Tags:
apple mac mavericks os x patch security software yosemite

Most Read Articles

Sweden exposed sensitive data on citizens, military personnel

Sweden exposed sensitive data on citizens, military personnel
Meet WooliesX, the new digital arm of Woolworths

Meet WooliesX, the new digital arm of Woolworths
IAG gets a chief digital officer

IAG gets a chief digital officer
AWS warns users about open S3 buckets

AWS warns users about open S3 buckets
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
Building platforms for future health and education
Building platforms for future health and education
Breach Level Index Report
Breach Level Index Report

Events

Log In

Username:
Password:
|  Forgot your password?