
Apple Monster Update



Guest Reimar
Posted

Apple has issued a monster update with patches for about 50 security vulnerabilities affecting iPhone, Safari and Mac OS X users.

In a race against the clock, the company rushed out iPhone v1.0 with fixes for four different vulnerabilities that could allow hackers to take full control of the device. The fix comes 24 hours ahead of the expected full disclosure of one of the iPhone vulnerabilities at the Black Hat security conference here.

Security researcher Charlie Miller, who found what is believed to be the first remotely exploitable iPhone bug, told me by e-mail earlier that he was giving his iPhone takeover demo whether or not Apple released a patch.

In Apple's advisory, Miller is credited with finding and reporting one of the issues — heap buffer overflows in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. The iPhone update, which is only available via iTunes, also fixes three other flaws in Safari, WebCore and WebKit.

Apple also released a separate advisory to highlight the browser fixes available for Safari. The bugs could cause code execution attacks on Mac OS X, Windows XP and Windows Vista systems.

A third advisory from Cupertino (Security Update 2007-007) patches a total of 45 vulnerabilities in a wide range of Mac OS X components.
