Apple Updates Mac OS X for 50+ Flaws

Sean Michael Kerner

Apple is out with its second major update to Mac OS X this year, with the 10.8.4 update. Security is a big focus in the update, with patches for over 55 vulnerabilities that span the Apple operating system. The 10.8.3 update which was released in March tackled 21 vulnerabilities.

One of the largest buckets of fixes is found in the open source OpenSSL packages for OS X, with at least 12 vulnerabilities being fixed. Among the OpenSSL fixes is one for the CRIME SSL attack that was first publicly disclosed in September of 2012. The attack could have potentially enabled an attacker to decrypt SSL content. The CRIME SSL attack is the successor to the BEAST SSL attack that was first reported in September of 2011.

“There were known attacks on the confidentiality of TLS 1.0 when compression was enabled,” Apple’s advisory states. “This issue was addressed by disabling compression in OpenSSL.”

There is also a serious SMB (Server Message Block) networking protocol vulnerability that is being fixed in the 10.8.4 update. SMB enables files sharing across heterogeneous networks.

“If SMB file sharing is enabled, an authenticated user may be able to write files outside the shared directory,” Apple warned. “This issue was addressed through improved access control.”

The 10.8.4 update also addresses multiple QuickTime media vulnerabilities. The vulnerabilities could have potentially enabled a malicious attack via movies or music that execute arbitrary code.

Addressing Safari Issues

Apple is also updating its Safari browser to version 6.0.5 for 26 different flaws. Of those flaws, 23 are memory corrruption related issues in the WebKit rendering engine.

“Multiple memory corruption issues existed in WebKit,” Apple noted in its advisory. “These issues were addressed through improved memory handling.”

The majority of the WebKit memory corruption flaws were reported by the Google Chrome Security Team and those associated with it. To date, both Safari and Chrome have been using the open source WebKit engine to underpin their respective browsers.

That’s a situation that is now changing, as Google is leaving WebKit behind and moving to its own Blink engine.

Mac OS X users can get the updates via the Mac App Store or from the Apple Support site.

Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter @TechJournalist.

Previous article
How to Find and Track Mobile Devices
Next article
Bangladesh Air Force Suffers Massive Data Breach
Sean Michael Kerner
Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

Latest articles

Top Cybersecurity Companies

Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.

Related articles

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

Advertisers

Advertise with TechnologyAdvice on eSecurity Planet and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2023 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.