11.5 C
London
Sunday, October 22, 2017
Home Tags Apple OSX Mavericks

Tag: Apple OSX Mavericks

In addition to a number of updates in OS X 10.10.3, Apple is fixing vulnerabilities across its OS X operating system. For months, Apple has been previewing the new Photos App, which has now officially landed in the new OSX 10.10.3 Yosemite update that first became generally available on April 8. The OS X 10.10.3 update also includes new emoji characters and improves WiFi performance.  Perhaps even more noteworthy, though, is the volume of security updates that are included in the 10.10.3 milestone.  Apple is patching a long list of vulnerabilities across its OS X operating system that were found by both internal Apple resources and external security researchers. Among the security issues patched in OS X 10.10.3 is a security vulnerability in its administration framework. The issue, identified as CVE-2015-1130, was reported by security researcher Emile Kvarnhammar, CEO at TrueSec. "The admin framework in Apple OS X contains a hidden backdoor API to root privileges," Kvarnhammar wrote in a blog post. "It's been there for several years (at least since 2011), I found it in October 2014, and it can be exploited to escalate privileges to root from any user account in the system." While Apple has now fixed the CVE-2015-1130 in the 10.10.3 update for users of Apple's Yosemite OS 10.10 operating system, older OS X systems are also at risk. Kvarnhammar noted that Apple told him the fix required a substantial amount of changes and a patch would not likely be back-ported for OS X 10.9 and older. "Our recommendation to all OS X users out there: Upgrade to 10.10.3 (or later)," Kvarnhammar wrote. Apple also has nine patches in OS X 10.10.3 for various OS X kernel vulnerabilities. Among the patched kernel flaws is CVE-2015-1103, which was discovered by Zimperium Mobile Security Labs. According to Apple's advisory, the flaw could have enabled an attacker to redirect user traffic to arbitrary hosts. "ICMP (Internet Control Message Protocol) redirects were enabled by default on OS X," Apple's advisory states. "This issue was addressed by disabling ICMP redirects." Google's Project Zero security research team is also well-represented on the Apple OS X 10.10.3 patch list and is credited with reporting seven vulnerabilities. Five of the Google Project Zero vulnerabilities are found in the Apple Type Service (ATS) component of OS X. The impact of the issues is that arbitrary code could have been executed. The other two of the Google Project Zero issues are found in the IOHIDFamily, a library of human interface interactions.  The IOHDFamily is being patched for six different vulnerabilities. Apple is now providing its users with an updated version of the open-source OpenSSL cryptographic library for Secure Sockets Layer/Transport Layer Security (SSL/TLS). The new OpenSSL version 0.9.8zd fixes six vulnerabilities. Apple is also providing its OS X users with the Safari 8.0.5 update. Seven security updates in the Safari browser are specifically for the WebKit rendering engine. One particularly nasty flaw fixed in Safari is CVE-2015-1129, an SSL/TLS tracking issue. According to Apple, the vulnerability could have enabled users to be tracked by malicious Websites using client certificates. "An issue existed in Safari's client certificate matching for SSL authentication," Apple warned in its advisory. "This issue was addressed by improved matching of valid client certificates." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.  
Apple updates Yosemite for the Thunderstrike hardware vulnerability, which was among 54 patched flaws. Apple released its OS X 10.10.2 update on Jan. 27, providing users with fixes for 54 identified Common Vulnerabilities and Exposures (CVEs). Among the fixed vulnerabilities are updates for issues identified by Google's Project Zero malware research organization, as well as the so-called Thunderstrike hardware vulnerability. In December 2014, security researcher Trammel Hudson publicly demonstrated Thunderstrike (also identified as CVE-2014-4498) as a vulnerability that enables an attacker to infect a Mac OS X machine by way of the Thunderbolt peripheral port. "Thunderbolt devices could modify the host firmware if connected during an EFI [Extensible Firmware Interface] update," Apple warned in its advisory. "This issue was addressed by not loading option ROMs during updates." Google researchers have been actively looking at OS X security in recent months as part of the Project Zero effort that was revealed in July 2014. Project Zero has a policy of publicly disclosing flaws 90 days after they have been reported to a vendor. That policy has led Project Zero to disclose multiple zero-day flaws in Microsoft products. In the OS X 10.10.2 update, Apple credits Google Project Zero researchers for the discovery of 12 vulnerabilities (CVE-2014-8817, CVE-2014-8819, CVE-2014-8820, CVE-2014-8821, CVE-2014-4486, CVE-2014-4389, CVE-2014-8823, CVE-2014-4495, CVE-2014-4492, CVE-2014-8835, CVE-2014-8836 and CVE-2014-8817). Three of the vulnerabilities (CVE-2014-8819, CVE-2014-8820 and CVE-2014-8821) reported by Google's Project Zero affect the Intel graphics driver used in OS X. "Multiple vulnerabilities existed in the Intel graphics driver, the most serious of which may have led to arbitrary code execution with system privileges," Apple warned. Among the other interesting vulnerabilities that Google's Project Zero reported that are fixed in OS X 10.10.2 is CVE-2014-8836, a flaw in OS X's Bluetooth driver. "An error existed in the Bluetooth driver that allowed a malicious application to control the size of a write to kernel memory," Apple warned in its advisory. "The issue was addressed through additional input validation." Google's Project Zero isn't the only research group that found Bluetooth vulnerabilities in Apple's operating system. Roberto Paleari and Aristide Fattori of Emaze Networks are credited by Apple for reporting CVE-2014-8837. "Multiple security issues existed in the Bluetooth driver, allowing a malicious application to execute arbitrary code with system privilege," Apple's advisory stated. The open-source Bash (Bourne Again SHell) was the subject of much scrutiny in 2014, due to the Shellshock vulnerability that could have enabled system exploitation. OS X 10.10.2 provides updates for three Bash issues (CVE-2014-6277, CVE-2014-7186 and CVE-2014-7187) that could have potentially enabled a local attacker to execute arbitrary code. The open-source OpenSSL cryptographic library was also the subject of scrutiny in 2014, due to the Heartbleed flaw, which could have enabled an attacker to decipher encrypted communications. In OS X 10.10.2, Apple is updating OpenSSL for three vulnerabilities (CVE-2014-3566, CVE-2014-3567 and CVE-2014-3568) as part of the update to OpenSSL version 0.9.8zc. Apple is also updating its Safari browser to version 8.0.3, fixing four memory corruption vulnerabilities in the WebKit rendering engine. The Apple 10.10.2 update is the first incremental update for OS X 10.10 Yosemite since the 10.10.1 update, which provided four security fixes, was released on Nov. 17, 2014. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
New update patches a number of widely reported issues.
Security Update 2015-001 is recommended for all users and improves the security of OS X. For detailed information about the security content of this update, please visit: http://support.apple.com/kb/HT1222 See http://support.apple.com/kb/HT...
This update addresses a critical security issue with the software that provides the Network Time Protocol service on OS X, and is recommended for all users. See this article for details on how to verify the authenticity of this download. For more inf...
Apple released its first incremental update for its new OS X 10.10 Yosemite operating system on Nov. 17, providing users with four security fixes, only one of which is rated as being critical. OS X 10.10 Yosemite was officially released by Apple on O...
This update installs the latest software for your EPSON printer or scanner for Mac OS X v10.6 Snow Leopard.  For more information about printing and scanning software, see http://support.apple.com/kb/HT3669#epson
As millions of Apple Mac OS X fans were waiting on Oct. 16 for the opportunity to update to the new OS X 10.10 Yosemite release, a strange thing happened. An Apple app store notification popped up with a security update identified as Apple Security U...
Security Update 2014-005 is recommended for all users and improves the security of OS X. For detailed information about the security content of this update, please visit: http://support.apple.com/kb/HT1222 See this article for details ...
Fixes Bash bug discovered last week that's already been seen in the wild.