Apple Issues 11 Software Patches - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Apple Issues 11 Software Patches

The fixes are designed to plug holes that range from buffer overflows to unauthorized wireless Bluetooth access to denial-of-service vulnerabilities.

Apple Computer Inc. issued 11 software patches on Thursday that are designed to plug holes and fix problems that range from buffer overflows to unauthorized wireless Bluetooth access to denial-of-service vulnerabilities.

All the patch identifiers begin with CVE-ID and CAN-2005 and can be downloaded from the Apple Web site. Two patches, 1721 and 1722, deal with the Apple Filing Protocol and fix a buffer overflow flaw that could allow unauthorized software to gain access and run.

The flaw affects only a small number of Apple customers, says one analyst. "These patches are for old Mac clients using AppleTalk networking," says Andy Jaquith, an analyst with the Yankee Group research firm. "It would have to be an all Apple shop for it to matter, but [other users] most have switched over to Samba Windows file sharing."

Other patch fix problems that would permit unauthorized access to a computer via wireless Bluetooth technology, corrupt or erase PDF documents, and improperly give a local user root access if a system is configured as a VPN server. These problems are relatively minor and affect a small number of users, Jaquith says.

One issue may be more significant. Four of the patches deal with PHP, a scripting language used to develop dynamic Web pages, which is part of the Mac operating system. They fix problems that could lead to a distributed denial-of-service attack or permit unauthorized code to run on the computer. "This could allow a remote attacker to take over any OS 10 machine," says Jaquith. "But I haven't heard about any exploits playing off these vulnerabilities."

Jaquith notes that Apple is usually reluctant to go public with security problems and software flaws, which he says "could be a good thing. Apple doesn't give out much information to attackers."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Enterprise Guide to Edge Computing
Cathleen Gagne, Managing Editor, InformationWeek,  10/15/2019
Rethinking IT: Tech Investments that Drive Business Growth
Jessica Davis, Senior Editor, Enterprise Apps,  10/3/2019
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
White Papers
Register for InformationWeek Newsletters
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Flash Poll