Apple Fixes 50 Vulnerabilities in Mac OS, iPhone
Apple released a bevy of patches for the Macintosh operating system, as well as its first patch for the iPhone late Tuesday. Almost fifty separate vulnerabilities have been fixed as a result.
The move may be in response to the upcoming Black Hat Conference, where at least one of the flaws patched -- the one aimed at iPhone -- was to be the subject of discussion. Apple prides itself on its claims that Mac OS is one of the most secure operating systems around.
Apple's confidence in the security of its OS has also made it a higher-profile target for hackers and security experts, who have been finding issues within Mac OS X in increasing numbers.
The patch for iPhone serves a dual purpose: it not only fixes several security issues, but also actively searches out and overwrite any changes it detects that were made to the device's firmware. Some have been looking for ways to unlock the device to use it on other carriers, and this update erases those efforts.
Fixes for Safari in iPhone corrects a cross-site scripting flaw and buffer overflow vulnerability, while a fix for the WebCore object closes a hole that could allow cross-site requests. Patches for the WebKit object prevent an issue with International Domain Name support and an issue where a specially-crafted website could cause application termination or code execution.
The latter three patches appears in patches for Mac OS X as well. The remaining list of patches affect a wide array of Mac OS applications and objects, including bzip2, CFNetwork, various CoreAudio features, cscope, gnuzip, iChat, Kerberos, mDNSResponder, PDFKit, PHP, Quartz Composer, Samba, SquirrelMail, and Tomcat.
All Mac OS X patches are accessible through the Software Update feature in the operating system, or on Apple's Software Download page. The iPhone update will be delivered automatically through iTunes.