Apple patches multiple security issues
By Stewart Mitchell
Posted on 10 May 2012 at 09:56
Apple has released updates to OS X Lion and Safari to plug serious security holes.
The company said Safari 5.1.7 patches flaws that allow criminals to target users with cross-site scripting attacks and run malicious code or fill in forms without user interaction. It also disables old versions of Flash to prevent criminals from taking advantage of unpatched flaws in the add-on.
“This update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory,” Apple said. “Out-of-date versions of Adobe Flash Player do not include the latest security updates and will be disabled to help keep your Mac secure.”
“If Safari 5.1.7 detects an out-of-date version of Flash Player on your system, you will see a dialog informing you that Flash Player has been disabled. The dialog provides the option to go directly to Adobe's website, where you can download and install an updated version of Flash Player.”
The OS X Lion 10.7.4 update fixes 26 vulnerabilities.
According to experts, the updates should be installed as soon as possible, because they fix flaws that could lead to real threats, such as the security issues that have hit the company recently.
“This update patches numerous vulnerabilities, including issues at bronze, silver and gold medal levels of insecurity,” said security analyst Paul Ducklin on the Sophos Naked Security blog.
“There are vulnerabilities leading to information leakage - up to and including raw passwords - escalation of privilege and remote code execution.”
“Notably, the 10.7.4 update fixes the recently-discovered FileVault flaw. Apple inadvertently shipped a version of FileVault - the software which encrypts your home folder - with a debugging option turned on.”
They really don't like Flash
A lot of emphasis on Flash in the report or details from Apple. Almost like they're hiding their own flaws behind issues associated with (really) old Flash versions. I wonder how many people are using prior versions of Flash still, assume most will have automatically updated it?
By skarlock on 10 May 2012
I thought that Apple didn't have security flaws.
By qpw3141 on 10 May 2012
Notably, the 10.7.4 update fixes the recently-discovered FileVault flaw.
3 Months is "recent", when it comes to security? :-O
I think somebody needs to kick Apple's security department where the sun don't shine, if that is what they call timely!
By big_D on 10 May 2012
It's about time...
... Apple are now worse than Microsoft when it comes to patching things late and releasing buggy software.
The term applied to Microsoft until Windows 7 came along can now be firmly applied to Apple...
"Don't touch it until Service Pack 1 comes out!!!"
Are you listening Apple...?
By mrmmm on 10 May 2012