Apple security updates for Mac, iOS, and AirPort

Apple security updates for Mac, iOS, and AirPort

Summary: A total of 33 vulnerabilities patched, most in iOS. Only the Airport Base Station was vulnerable to Heartbleed.

SHARE:
TOPICS: Security, Apple
9

On Tuesday, Apple released numerous security updates for iOS, OS X, and the AirPort Base Station.

Security Update 2014-002 for OS X Lion (10.7.x), Mountain Lion (10.8.x), and Mavericks(10.9.x) fixes a total of 13 vulnerabilities in a wide variety of system components, including image processing, HTTP protocol, and Ruby.

An SSL bug that allowed a "triple handshake" attack that could reveal the contents of communications was patched, but this is separate from the Heartbleed bug. Apple has not used OpenSSL in iOS or OS X for some time.

But the AirPort Base Station does still use OpenSSL, and a firmware update to that device patches the Heartbleed bug.

iOS 7.1.1, in addition to fixing some non-security bugs, plugs 19 security holes in the operating system, 16 of them in the WebKit browser engine in Safari. The oldest of these was reported to Google in May of 2013 and patched in July.

Topics: Security, Apple

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • Where are these updates?

    I've opened up the Mac Store on my Mavericks MBP and none of the updates mentioned here are available.
    pianoman1962
    • Store?

      I think you'd want to run Software Update
      larry@...
      • When was the last time you used OS X?

        Even OS updates are now done via the Updates tab in the Store application.
        NitzMan
        • When did I last use OS X

          I think it was Mountain Lion. It's been almost a year though
          larry@...
  • No AirPort firmware update

    in Software Update as of 23 Apr 14. I did see the one for Mac OS 10.7.x however.
    romad@...
    • download it here

      It's available at Apple Downloads at http://support.apple.com/kb/DL1708
      larry@...
  • Apple slow security patches

    CVE-2014-1295 relating to the triple handshake SSL vulnerability was reported to Apple on 10 Jan 2014.
    It is now the last week of April before Apple releases a patch for it.
    Over 3 months of zero day for this MITM attack.
    Apple lives up to it's reputation for slow security patches.
    warboat
  • " 19 security holes in the operating system, "

    Gee, I was told that IOS was already secure!

    Good thing I didn't buy one of those Android wanna b's!
    Mujibahr
  • You're clueless

    Have you looked at the logs for Microsoft's patch Tuesday and counted the number of holes patched?

    BTW, the majority of these fixes were related to Webkit that maintained by both Google and Apple among others.
    NitzMan