Apple Issues 11 Software Patches - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Apple Issues 11 Software Patches

The fixes are designed to plug holes that range from buffer overflows to unauthorized wireless Bluetooth access to denial-of-service vulnerabilities.

Apple Computer Inc. issued 11 software patches on Thursday that are designed to plug holes and fix problems that range from buffer overflows to unauthorized wireless Bluetooth access to denial-of-service vulnerabilities.

All the patch identifiers begin with CVE-ID and CAN-2005 and can be downloaded from the Apple Web site. Two patches, 1721 and 1722, deal with the Apple Filing Protocol and fix a buffer overflow flaw that could allow unauthorized software to gain access and run.

The flaw affects only a small number of Apple customers, says one analyst. "These patches are for old Mac clients using AppleTalk networking," says Andy Jaquith, an analyst with the Yankee Group research firm. "It would have to be an all Apple shop for it to matter, but [other users] most have switched over to Samba Windows file sharing."

Other patch fix problems that would permit unauthorized access to a computer via wireless Bluetooth technology, corrupt or erase PDF documents, and improperly give a local user root access if a system is configured as a VPN server. These problems are relatively minor and affect a small number of users, Jaquith says.

One issue may be more significant. Four of the patches deal with PHP, a scripting language used to develop dynamic Web pages, which is part of the Mac operating system. They fix problems that could lead to a distributed denial-of-service attack or permit unauthorized code to run on the computer. "This could allow a remote attacker to take over any OS 10 machine," says Jaquith. "But I haven't heard about any exploits playing off these vulnerabilities."

Jaquith notes that Apple is usually reluctant to go public with security problems and software flaws, which he says "could be a good thing. Apple doesn't give out much information to attackers."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Gartner Forecast Sees 7.3% Shrinkage in IT Spending for 2020
Joao-Pierre S. Ruth, Senior Writer,  7/15/2020
10 Ways AI Is Transforming Enterprise Software
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/13/2020
IT Career Paths You May Not Have Considered
Lisa Morgan, Freelance Writer,  6/30/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Flash Poll