Apple Patches iOS, OS X

Wednesday, July 9, 2014 @ 09:07 AM gHale

Apple issued an update to OS X patching 19 vulnerabilities and iOS, fixing 44 in the mobile system.

OS X 10.9.4, also known as Mavericks, received 19 patches, 11 of them rated critical with an exploit where an attacker could execute “arbitrary code,” which is the most serious tier of vulnerabilities. The separate Security Update 2014-003 addressed three bugs in Lion and eight in Mountain Lion, the precursors to Mavericks which shipped in 2011 and 2012, respectively.

Which Mobile Platform is Secure? Toss a Coin
Russians Busted for iPhone Attacks
Activation Lock Bypass for iOS 7, iCloud
iPhone Hack Attack Spreading

Because Apple stopped shipping security updates for OS X Snow Leopard, there was no corresponding update for the 2009 edition that still powers about one in every six Macs.

Nine of the 19 Mavericks vulnerabilities — and 8 of the 11 critical flaws – came to Apple via Ian Beer, a Google security engineer.

Along with OS X Mavericks 10.9.4 and Security Update 2014-003, Apple updated Safari to 6.1.5 for Lion and Mountain Lion, and to 7.0.5 for Mavericks, patching 12 vulnerabilities in the browser, 10 of them critical.

“Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution,” Apple said in describing the impact of 10 of the browser bugs.

iOS 7.1.2 patched an even larger number of vulnerabilities. Apple fixed 44 flaws, 30 of them critical, in iOS. Most of the bugs were in WebKit, the open-source browser engine that powers Safari on iOS (and OS X).

On the non-security side, Apple fixed a small number of bugs in both OS X and iOS.

For the Mac, Apple said it had fixed a long-standing problem that prevented some systems from automatically connecting to known Wi-Fi networks, and improved the reliability of the OS to wake from sleep state.

For iOS, the mobile operating system for the iPhone and iPad, the non-security changes included improved connectivity with Apple’s iBeacons, and a fix for a data transfer bug when using third-party hardware accessories, such as a barcode scanner.

Leave a Reply

You must be logged in to post a comment.