Apple has introduced a number of security updates for its software including the Mac OS X 10.7 Lion, QuickTime, Webmail, PHP, SquirrelMail, CoreText, X11 and ColorSync. The updates will beef up security of Apple devices, making them impervious to hackers. Reportedly, OS X 10.6 Snow Leopard update is not functioning correctly yet; users have been advised to delay updating Snow Leopard till further notice from Apple. In total, 52 security bugs have been fixed. Apple has also revoked the white-listing for two Malaysian certificating authorities. Unfixed versions of Apache were vulnerable to Security Sockets Layer (SSL) leaks, putting the security of ecommerce businesses at stake.
FoxNews.com
One of the most notable and serious flaws Apple addressed exists in unpatched versions of Apache. The vulnerability could allow a hacker to decrypt Secure Sockets Layer (SSL) encrypted Web sessions. The glitch, as Dennis Fisher from the security firm Kaspersky Lab explained, was exploited last year by a proof-of-concept tool called BEAST
Read the full review
MSNBC.com
The update — which is available for both Mac OS X Lion as well as Mac OS X Snow Leopard, its predecessor — addresses security flaws in several of Apple’s “popular software products and components,” SecurityNewsDaily’s Matt Liebowitz report. The issues addressed affect QuickTime, SquirrelMail, Webmail, PHP, Internet Sharing, ColorSync, CoreText, X11, Apache, and the Mac OS X operating system itself.
CNET.com
After updating, instead of loading and running properly applications would crash, not be able to save new files, and otherwise behave oddly, causing a number of people who still rely on older versions of popular applications such as Office 2004, Photoshop CS, and Quicken 2007 to no longer be able to do their work.
Immediately following news of these problems Apple began investigating the issue, and one user issued his own revisioner to address the problem until Apple was able to fix the problem.
eWeek.com
The Security Update 2012-001 includes 39 fixes addressing 52 different common vulnerabilities and exposures. Apple also fixed another issue related to Secure Sockets Layer certificates that didn’t have a CVE assigned. For Snow Leopard users running the latest release, the update contains 200MB of code. But Lion users would be downloading anywhere from 700MB to 1.4GB, depending on the exact version currently installed. With this update, Lion users will be at version 10.7.3.
ComputerWorld.com
Of the 51 total flaws, 40 were tagged by Apple with its usual “arbitrary code execution” phrase, the company’s way of saying that the bugs were critical and could be used by attackers to hijack a Mac with a working exploit. One of the vulnerabilities could be exploited in a “drive-by” attack, which only requires duping users into browsing to a malicious site to be successful.
All the trademarks & logos referenced herein are the property of their respective owners.
