Apple releases large swathe of security patches

Products affected include OSX Lion and QuickTime

Apple has released a large set of patches to address multiple security vulnerabilities in many of its products, including OSX Lion and QuickTime.

Many of the bugs fixed by the patches could be used by attacks to assume remote control of machines running Apple software, potentially turning them into 'bots', or nodes, on a hacker's network.

One of the updates revokes trust in digital certificates issued by Malaysian Certificate Authority DigiCert, which were found last year to contain weak cryptographic keys.

"DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke," said Apple in the advisory.

"An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted."

Another patch addresses a vulnerability where an OSX Lion Wi-Fi network created by Internet Sharing could lose its security settings after a system update.

"This issue only affects systems with Internet Sharing enabled and sharing the connection to Wi-Fi. This issue is addressed by preserving the Wi-Fi configuration during a system update," explained the advisory.

Last summer Nikolay Grebennikov, the CTO of security firm Kaspersky, called on Apple to employ an independent firm of security specialists to help it address and contain software vulnerabilities.