Apple releases security fixes for iOS, OS X, Safari and Apple TV

Summary: One of the bugs fixed in iOS and Apple TV was first reported a year ago and fixed in OS X in May of this year.

TOPICS: Security, Apple

Apple has released new versions of iOS, OS X, Safari and Apple TV, and disclosed the vulnerabilities fixed in those new versions. A total of 60 unique vulnerabilities are addressed in the products. As is common with Apple, some of the vulnerabilities are quite old.

iOS 7.1.2 fixes 44 vulnerabilities in the previous version. These include two lock screen bugs and two which could allow bypass of Find My iPhone and Activation Lock, the new anti-theft measures. The new version also adds encryption of attachments in the Mail app, fixing a problem first reported two months ago. The usual long list of WebKit bugs is fixed and the list of trusted root certificates was updated.

OS X Mavericks v10.9.4 and Security Update 2014-003 fix 19 vulnerabilities in earlier versions. Several privilege escalation bugs are listed here; in combination with an arbitrary code execution bug, which is also readily available, an attacker could take complete control of the system.

Safari 6.1.5 and Safari 7.0.5 fix 12 vulnerabilities in earlier versions. The most interesting is CVE-2014-1345, by which an attacker could spoof the domain name in the address bar, an excellent phishing tool. Nearly all of these bugs were also patched in iOS, of which Safari is considered an integral part.

Finally, Apple TV 6.1.2 fixes 35 vulnerabilities in earlier versions, many of them the same as those fixed in OS X and iOS.

Apple is famous for taking a long time to patch disclosed vulnerabilities. The oldest in this batch, CVE-2013-2875 (an SVG bug in Safari on iOS), was first fixed by Google in Chrome almost a year ago and was patched by Apple in Safari on OS X in May. CVE-2013-2927 is similar, although not quite as old. Finally, an authentication bug in cURL, fixed by the authors in January, was just fixed in the OS X version.

Apple credits several outside researchers for reporting these vulnerabilities. Various teams and individuals at Google are credited for 18 of the 60 vulnerabilities.

Talkback

3 comments
  • A Year To Fix in Secret

    For the richest company, it takes them a whole year to fix security vulnerability is just insane!

    Too many sheeple buy their iCrap in false trust.
    seesaw1
  • getting poor

    $130 billion stock buybacks out of $155 billion by mid 2015. I don't know how they are going to maintain the 400 worldwide stores with that chunk of cash gone or even maintain influence over the market with $130 billion gone and a sinking year over year revenue by mid 2015
    Nathane Grave
  • Interesting that Google found so many

    Sounds to me like Apple has informally outsourced too much of their Q/A. I would be embarrassed about that, if I were them.
    Mac_PC_FenceSitter