Apple Issues 11 Software Patches - InformationWeek
IoT
IoT
Software // Enterprise Applications

Apple Issues 11 Software Patches

The fixes are designed to plug holes that range from buffer overflows to unauthorized wireless Bluetooth access to denial-of-service vulnerabilities.

Apple Computer Inc. issued 11 software patches on Thursday that are designed to plug holes and fix problems that range from buffer overflows to unauthorized wireless Bluetooth access to denial-of-service vulnerabilities.

All the patch identifiers begin with CVE-ID and CAN-2005 and can be downloaded from the Apple Web site. Two patches, 1721 and 1722, deal with the Apple Filing Protocol and fix a buffer overflow flaw that could allow unauthorized software to gain access and run.

The flaw affects only a small number of Apple customers, says one analyst. "These patches are for old Mac clients using AppleTalk networking," says Andy Jaquith, an analyst with the Yankee Group research firm. "It would have to be an all Apple shop for it to matter, but [other users] most have switched over to Samba Windows file sharing."

Other patch fix problems that would permit unauthorized access to a computer via wireless Bluetooth technology, corrupt or erase PDF documents, and improperly give a local user root access if a system is configured as a VPN server. These problems are relatively minor and affect a small number of users, Jaquith says.

One issue may be more significant. Four of the patches deal with PHP, a scripting language used to develop dynamic Web pages, which is part of the Mac operating system. They fix problems that could lead to a distributed denial-of-service attack or permit unauthorized code to run on the computer. "This could allow a remote attacker to take over any OS 10 machine," says Jaquith. "But I haven't heard about any exploits playing off these vulnerabilities."

Jaquith notes that Apple is usually reluctant to go public with security problems and software flaws, which he says "could be a good thing. Apple doesn't give out much information to attackers."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
AI as a Human Right
Guest Commentary, Guest Commentary,  3/8/2019
News
How to Become a Master Scrum Master
John Edwards, Technology Journalist & Author,  2/28/2019
News
TaylorMade IT Spin-Off Taps Cloud Database
Jessica Davis, Senior Editor, Enterprise Apps,  2/15/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Security and Privacy vs. Innovation: The Great Balancing Act
This InformationWeek IT Trend Report will help you better understand and address the growing challenge of balancing the need for innovation with the real-world threats and regulations.
Slideshows
Flash Poll