Apple releases security fixes for iOS, OS X, Safari and Apple TV

Summary:One of the bugs fixed in iOS and Apple TV was first reported a year ago and fixed in OS X in May of this year.

Apple has released new versions of iOS, OS X, Safari and Apple TV, and disclosed the vulnerabilities fixed in those new versions. A total of 60 unique vulnerabilities are addressed in the products. As is common with Apple, some of the vulnerabilities are quite old.

iOS 7.1.2 fixes 44 vulnerabilities in the previous version. These include two lock screen bugs and two which could allow bypass of Find My iPhone and Activation Lock, the new anti-theft measures. The new version also adds encryption of attachments in the Mail app,  a problem first reported two months ago . The usual long list of WebKit bugs is fixed and the list of trusted root certificates was updated.

Featured Review

Hands-on with the CM4 Q Card Case for iPhone 6 Plus: Carry cards while using Apple Pay

Even with Apple Pay serving as your digital wallet, there remains the need for physical cards and that is where the Q Card Case comes in handy.

OS X Mavericks v10.9.4 and Security Update 2014-003 fix 19 vulnerabilities in earlier versions. Several privilege escalation bugs are listed here; in combination with an arbitrary code execution bug, which is also readily available, an attacker could take complete control of the system.

Safari 6.1.5 and Safari 7.0.5 fix 12 vulnerabilities in earlier versions. The most interesting is CVE-2014-1345, by which an attacker could spoof the domain name in the address bar, an excellent phishing tool. Nearly all of these bugs were also patched in iOS, of which Safari is considered an integral part.

Finally, Apple TV 6.1.2 fixes 35 vulnerabilities in earlier versions, many of them the same as those fixed in OS X and iOS.

Apple is famous for taking a long time to patch disclosed vulnerabilities. The oldest in this batch, CVE-2013-2875 (an SVG bug in Safari on iOS), was first fixed by Google in Chrome almost a year ago and was patched by Apple in Safari on OS X in MayCVE-2013-2927 is similar, although not quite as old. Finally, an authentication bug in cURL, fixed by the authors in January, was just fixed in the OS X version.

Apple credits several outside researchers for reporting these vulnerabilities. Various teams and individuals at Google are credited for 18 of the 60 vulnerabilities.

Topics: Security, Apple

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.