
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Apple Releases OS X, Safari, and iOS Security Updates

April 15, 2011 By Corey Nachreiner

Yesterday, Apple released a handful of security advisories for various products, including:

  • OS X 10.6.x (Snow Leopard)
  • Safari 5.0.5 for Mac and Windows
  • iOS 4.3.2
  • iOS 4.2.7 (for CDMA iPhones)

The Snow Leopard update only fixes one security issue. If you read my “Fraudulent Certificate” post from a few weeks ago, you know that attackers were able to get their grubby hands on some fraudulently issued, but technically legitimate, digital certificates for some pretty well-known domains. At the time, Microsoft had released a fix for Windows to ensure that it would not consider these certificates legitimate. This small OS X update does the same thing for Snow Leopard.

The Safari update, which is probably the most critical of them all, fixes two flaws in the popular browser’s WebKit component. By enticing you to a web page containing malicious code, an attacker could leverage these flaws to execute code on your computer, with your privileges. Attackers commonly exploit these types of flaws in drive-by download attacks.

The two iOS updates also fix various code execution vulnerabilities that could occur on iPhones, iPods, and iPads. The worst is similar to the Safari vulnerabilities above. If an attacker can lure you to a special site with your iPhone, he could exploit this vulnerability to execute code. Since certain applications run on iPhones as root, this could give attackers full control of the device. In the real world, these sorts of iOS flaws are more commonly leveraged by jailbreakers to gain control of their phones. However, nothing is stopping malicious attackers from leveraging the same techniques to spread mobile malware.

If you have any of these products, you should download and install the updates recommended in each advisory, or just let Apple’s automatic update software do it for you. — Corey Nachreiner, CISSP. (@SecAdept)


Filed Under: Security Bytes Tagged With: Apple, jailbreak, Safari, security update
