Mega Apple patch fixes iPhone, Safari, OS X bugs

Update repairs 54 vulnerabilities

Written by Shaun Nichols in California

vnunet.com, 02 Aug 2007

Apple has released security updates for three of its most high-profile products, patchting 54 vulnerabilities in its iPhone software, Safari 3 beta browser, and the OS X operating system.

The first update in the iPhone's history addressed four flaws. The update include patches for two flaws for the embedded Safari browser that leaves users vulnerable to cross-site scripting attacks and remote code execution, which could lead to theft of confidential information.

Also fixed is a flaw in the WebKit component that could allow an attacker to use what the company calls "look-alike characters" in the URL bar to trick unwary users into visiting malicious web sites. The WebKit flaw is also patched in the Safari and OS X updates.

Unconfirmed reports have suggested that the update disables various hacks and cracks that allowed users to circumvent key parts of the activation process. Apple did return a phone call seeking confirmation of those reports.

The iPhone update is installed automatically when users insert their devices into the dock.

With 45 security updates, OS X received the vast majority of the security fixes. Apple reported that 11 of the flaws could lead to the execution of arbitrary code, which is typically considered the most severe type of security bug. Other flaws included cross site vulnerabilities, buffer overflows and privilege escalation.

The iChat and Preview applications were among the components that leave the user vulnerable to the remote execution of malicious code.

The update also addresses four flaws in WebCore, the system component used to render HTML files. If exploited, the WebCore flaws could allow an attacker to execute malicious java applets without the user's permission, or steal confidential information through a cross-site scripting attack.

Mac users and iPhone owners are not the only people affected by today's update. Apple also released an update for Safari that patches four vulnerabilities in the Windows XP and Vista versions of the web browser. Three of the patches also affect the Mac version.

The impact of the Safari vulnerabilities range from cross-site scripting flaws to remote code execution.

See also:

reader comments

related articles

 

QuickTime flaw adds to Apple's woes

Exploit especially dangerous for Firefox users 27 Nov 2007

Apple patches critical Safari holes

Four flaws addressed in latest update 17 Apr 2008

Hackers step up website attacks

Security forecast for 2008 makes grim reading 20 Feb 2008

latest news

Exclusive: Bell Micro EMEA confims job cuts

Distributor looking to make cost savings of 10 per cent across the business 21 Nov 2008

Avnet looks forward to 2009

Chief executive Roy Vallee reveals why the distributor is confident of riding out the storm 21 Nov 2008

PC growth forecasts slashed by two-thirds

Market watcher downgrades 2009 PC growth expectations from 11.9 to 4.3 per cent 21 Nov 2008

More news

poll

Securing the future

Securing the future

Does the security channel need a governing body?

Previous poll results

Vendor Q&A Session: Rick Wallis, NEC Computers

Vendor Q&A Session: Rick Wallis, NEC Computers

During this Q&A session Rick Wallis, UK Sales Director at NEC Computers, talks about the firm’s reasons for committing to a 100 per cent channel strategy

In the Studio with CRN: Oracle

CRN TV catches up with Alan Hartwell, vice president of technology solutions and channels at Oracle

More CRN TV

events

Channel Expo 2009 logo

Channel Expo 2009

The UK's top reseller exhibition will return to the NEC on 20 May 2009

More Events

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Advertisement

White papers

Search white papers

Top categories

Primary Navigation