Apple releases large swathe of security patches

By Stuart Sumner
03 Feb 2012 View Comments

Apple has released a large set of patches to address multiple security vulnerabilities in many of its products, including OSX Lion and QuickTime.

Many of the bugs fixed by the patches could be used by attacks to assume remote control of machines running Apple software, potentially turning them into 'bots', or nodes, on a hacker's network.

Further reading

One of the updates revokes trust in digital certificates issued by Malaysian Certificate Authority DigiCert, which were found last year to contain weak cryptographic keys.

"DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke," said Apple in the advisory.

"An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted."

Another patch addresses a vulnerability where an OSX Lion Wi-Fi network created by Internet Sharing could lose its security settings after a system update.

"This issue only affects systems with Internet Sharing enabled and sharing the connection to Wi-Fi. This issue is addressed by preserving the Wi-Fi configuration during a system update," explained the advisory.

Last summer Nikolay Grebennikov, the CTO of security firm Kaspersky, called on Apple to employ an independent firm of security specialists to help it address and contain software vulnerabilities.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

35 %
31 %
14 %
20 %