Apple monster update fixes iPhone, Safari, Mac OS X flaws

Summary: Apple has issued a monster update with patches for about 50 security vulnerabilities affecting iPhone, Safari and Mac OS X users.

LAS VEGAS -- Apple has issued a monster update with patches for about 50 security vulnerabilities affecting iPhone, Safari and Mac OS X users.

In a race against the clock, the company rushed out iPhone v1.0 with fixes for four different vulnerabilities that could allow hackers to take full control of the device. The fix comes 24 hours ahead of the expected full disclosure of one of the iPhone vulnerabilities at the Black Hat security conference here.

Security researcher Charlie Miller, who found what is believed to be the first remotely exploitable iPhone bug, told me by e-mail earlier that he was giving his iPhone takeover demo whether or not Apple released a patch.

In Apple's advisory, Miller is credited with finding and reporting one of the issues -- heap buffer overflows in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. The iPhone update, which is only available via iTunes, also fixes three other flaws in Safari, WebCore and WebKit.

Apple also released a separate advisory to highlight the browser fixes available for Safari. The bugs could cause code execution attacks on Mac OS X, Windows XP and Windows Vista systems.

A third advisory from Cupertino (Security Update 2007-007) patches a total of 45 vulnerabilities in a wide range of Mac OS X components.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
