Apple Patches 45 Bugs In Massive Security Update - InformationWeek

Apple patches several zero-day vulnerabilities, as well as a variety of bugs in Apple's software and third-party software such as Adobe's Flash Player and MySQL.

Apple has issued a security update for Mac OS X that fixes 45 security bugs.

The security update released Tuesday patches several zero-day vulnerabilities, along with other bugs in Apple's software and bugs in third-party software, including Adobe Flash Player and MySQL Server. Apple has issued several patch releases in the past few months.

The latest update, which is 8 Mbytes, is aimed at systems running Mac OS X 10.3.9. Patches are available for client and server systems.

Seven of the bugs being patched were published during the Month of Apple Bugs in January, and five were released during the Month of Kernel Bugs last November.

The update addresses a wide variety of flaws, including a buffer overflow in ColorSync, Apple's color management technology. Because of the vulnerability, if a user is enticed to open an image that has malicious code embedded in it, an attacker can trigger the overflow, which could crash the application or even allow remote code execution.

The update also patches a bug in Crash Reporter, which is an Apple program that logs information about all crashed programs. The vulnerability allows a local admin user to obtain high-level system privileges.

Also fixed in the update are several vulnerabilities within Disk Images, which are files containing the content and structure of any storage medium. The flaws generally lead to an application crash or arbitrary code execution.

Adobe's Flash Player has been updated to version to fix a potential vulnerability that could allow HTTP request-splitting attacks, a class of Web application vulnerability often used to perform cross-site scripting attacks.

There are multiple vulnerabilities in MySQL. The most serious one allows arbitrary code execution, according to Apple. MySQL is being updated from version 4.1.13 to 4.1.22.

Apple's Security Update can be pushed down to users through the Software Update feature in Mac OS X, or it can be downloaded manually from Apple Downloads.
