Apple released several security updates this week, addressing a number of vulnerabilities across its products, ranging from Mac OS X to its Safari Web browser and iOS, which runs on iPhones, iPads and iPods.
Several of the updates addressed an incident surrounding the fraudulent SSL certificates recently issued by a Comodo affiliate registration authority, which could allow a man-in-the-middle attack redirecting connections and intercepting user credentials or other sensitive information.
A summary of the security updates released by Apple is below:
Security Update 2011-002: Addresses a vulnerability in the Certificate Trust Policy for Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.7, Mac OS X Server v10.6.7. Impact: Exploitation of this vulnerability may allow an attacker to intercept user credentials or obtain sensitive information.
Safari 5.0.5: Addresses two vulnerabilities in the Safari WebKit. (1) An integer overflow issue existed in the handling of nodesets. (2) A use-after-free issue existed in the handling of text nodes. Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.5 or later, Mac OS X Server v10.6.5 or later, Windows 7, Vista, XP SP2.
iOS 4.3.2 Software Update: Addresses multiple vulnerabilities affecting the Certificate Trust Policy, libxslt, QuickLook, and WebKit. Impact: Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, intercept user credentials, obtain sensitive information, or bypass security restrictions.
iOS 4.2.7 Software Update for iPhone: Addresses multiple vulnerabilities affecting the Certificate Trust Policy, QuickLook, and WebKit Packages. Impact: Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, intercept user credentials, or obtain sensitive information.
For Windows users, see Microsoft’s Security Advisory on how Fraudulent Digital Certificates could allow spoofing here.

