Apple monster update fixes iPhone, Safari, Mac OS X flaws

Apple monster update fixes iPhone, Safari, Mac OS X flaws

Summary: Apple has issued a monster update with patches for about 50 security vulnerabilities affecting iPhone, Safari and Mac OS X users.

SHARE:

Apple monster update fixes iPhone, Safari, Mac OS X flawsLAS VEGAS -- Apple has issued a monster update with patches for about 50 security vulnerabilities affecting iPhone, Safari and Mac OS X users.

In a race against the clock, the company rushed out iPhone v1.0 with fixes for four different vulnerabilities that could allow hackers to take full control of the device. The fix comes 24 hours ahead of the expected full disclosure of one of the iPhone vulnerabilities at the Black Hat security conference here.

Security researcher Charlie Miller, who found what is believed to be the first remotely exploitable iPhone bug, told me by e-mail earlier that he was giving his iPhone takeover demo whether or not Apple released a patch.

Apple's advisory, Miller is credited with finding and reporting one of the issues -- heap buffer overflows in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. The iPhone update, which is only available via iTunes, also fixes three other flaws in Safari, WebCore and WebKit.

Apple also released a separate advisory to highlight the browser fixes available for Safari. The bugs could cause code execution attacks on Mac OS X, Windows XP and Windows Vista systems.

A third advisory from Cupertino (Security Update 2007-007) patches a total of 45 vulnerabilities in a wide range of Mac OS X components.

Topics: Apple, Hardware, iPhone, Mobility, Operating Systems

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

82 comments
Log in or register to join the discussion
  • Good lord Ryan , do you ever sleep ? ROTFLMAO

    I know I downloaded the updates & still haven't noticed any improvements . Perhaps it was under the hood ? I don't know ? I still have one major concern about OS 10.4.10 update . Every time I reboot my Mac , certain system preferences return to the default mode . I don't know what gives , but damn , Apple has to fix the issues that were brought about with update OS 10.4.10 . Anyone else having these issues ? Let me know .
    MythBuster
    • Have you tried

      Repairing all permissions via disk utility?

      This issue you describe is not common, and can be caused by a current plist or a permissions issue. Try repairing permissions and see if that helps you. I have not seen this issue as a result of 10.4.10 on any machines that I have serviced/used. But I have rarely seen similar issues in the past.

      Oh and this update was all under the hood. A security update should never make a visible difference, well unless you were always getting hacked before :P
      Stuka
    • Ah.

      the old fix for the fix. <br>
      Apple rushed the iPhone out the door half baked. They intentionally did this to make their customers suffer. <br>
      Safari is such a swiss cheese, bug ridden spaghetti code mess, they should start over....perhaps they should just offer IE support only. <br>
      I mean we have 2 or 3 Mega patches just for OS X (boy does that OS have a lot of bandaids on it) and now Apple is releasing Monster patches for multiple products. Almost it's entire fleet! <br>
      I don't know about you but I find Windows just runs smoother. The windows paint so smoothly and I don't have megapatch after megapatch topped off with a monster patch. i yi yi. <br>
      Apple is good at 2 things: Marketing and deceiving the public (in their case those are one in the same) but they have little clue about how to code. Unfortunately people are tricked into buying their 4th rate stuff just because they've rebranded some hardware from Taiwan and wrote some app code that breaks every 2 seconds. Jobs is evil. Their ipod/itunes monopoly needs to be shut down. They are a bunch of thugs and have associations with very shady characters. well, Jobs himself is quite shady. <br>
      Well, next time you think about buying a computer or phone or which browser to choose, you know where NOT to go. <br>
      I heard they have another monster patch coming for OS X this fall...it's called Leopard.
      xuniL_z
      • *yawn* (NT)

        nt
        Stuka
      • I thought that Jobs guy looked a bit shady

        I thought it was just those black tees, jeans and stubble but now I learn here that he really is a thug :)
        dougscrm@...
      • Is this parody?

        You're either intentionally hilarious, or unintentionally
        hilarious ? I can't decide which. I'm going to give you the
        benefit of the doubt, and guess that you were actually
        describing Microsoft, Bill Gates, and the Zune. For the
        sake of our gene pool, I [b]hope[/b] that's what you were
        describing.
        buddhistMonkey
        • Reality hits home and some cant see it

          That guy should thank you for volunteering yourself as the living embodiment of the kind of Apple Jack that is the target of his parody.

          Try a reality check for a change. Apple not only supplies their OS as a leading product, they have it inexorably bound to their re branded hardware. They dominate the mp3 player market so pervasively they exercise a monstrous control over the music industry, and that is only bound to increase if things continue as they have.

          Microsoft and Gates get the boots laid to them by Apple users every chance an available "AppleJack" apologist comes across a negative comment about an Apple product or positive comment about a Microsoft product. It went way beyond the realm of reasonable commentary from an opposing viewpoint a long long time ago. As evidenced by your virtually "retarded" remark about:

          "guess that you were actually describing Microsoft, Bill Gates, and the Zune. For the sake of our gene pool, I hope that's what you were describing"

          I hope you were not serious when you said that because it is far too blatant an example of what comes across as a psychosis resulting in a person linking important and significant parts of their self esteem to their computer, its operating system and other products the company sells.

          If you had a real brain you might have stopped to actually think for a minute that the nonsense that guy was spewing was identical in nature and content to the utter crap AppleJack apologists spew about Microsoft, Windows and Gates. But no; you fell head long right into it because you are clearly one of the inbred Apple Hoard who has some bizarre affliction that causes you to hate everything Microsoft with such a ferocity that it blinds you to reality, even when it stares you right in the face.

          Take a vacation and learn to relax. Apple makes fine computers and OSX has alot going for it; Jobs doesn't need the help of an overwrought AppleJack pleading his case for him. Get used to it, Apple is a long long way from perfect, and if some how the day ever arrives that Apple is even 30% as popular as Windows Apple computers will probably be getting much closer to 30% of the internet attacks that Windows gets, and we both know that would be alot.

          A reality check would tell you that if Apple was setup the same way it is today and they had the market share in the products they sell similar to the market share Microsoft has for the products they sell now, the world would be a much much worse place for the IT industry. Bad enough Microsoft has such OS dominance, I couldn't imagine a world with a similar OS and hardware dominance, terrible.
          Cayble
  • Way cool.......

    Pagan jim
    Laff
    • Apple the new patch monster? <NT>

      ...
      Scrat
      • Actually "patches" don't bother me or at least come

        close to the "bother" exploits cause me. As long as Apple stays ahead of the game
        I'm cool with that. Look the iPhone is what a month or so old and some hacker dude
        found a flaw and today is suppose to demo it right? But now it's fixed....again cool.

        I also here that Leapord is now Unix 3 certified...again cool.

        Pagan jim
        Laff
  • By the way... (Leopard news)

    Great news from the serious side of I.T.
    http://weblog.infoworld.com/enterprisemac/archives/2007/07/leopard_gets_un.html
    systemx
  • what Apple bugs?

    you dorks that sit around here and bash Microsoft about patches/bugs are hilarious.
    As for macs, less bugs get reported when no one uses your hardware.
    asdf44444
    • not as hilarious as...

      ..dorks that sit around and bash people that bash the people that bash microsoft.

      Also, which hardware bugs get reported to Microsoft? Last I checked, they mainly made software - unless of course, you're referring to the billion + dollar xbox debacle. That would sure inspire me to buy a computer made by Microsoft.
      pir8matt
      • Jobs said they were a Software company

        I think in the 90s he said the opposite, he keeps flipping on that.

        But lets see for a market that is dominated by Xbox, not bad.

        As for apple, didnt they have a bunch of screwed up laptops they never took barely any responsibility for?
        JABBER_WOLF
    • re: what Apple bugs?

      Yeah,

      "you dorks that sit around here and bash Microsoft about patches/bugs are hilarious."

      Well I don't......

      "As for macs, less bugs get reported when no one uses your hardware."

      no one? Now that's hilarious! Dork ;-)
      Macathome
      • While it was out-of-line, I think he's referring to

        Market Share which has some validity. If the iPhone sales, what not what expected, were large in number look at the vulnarabilities that were discovered. As you get more Mac users, you will see more patches...just a law of averages. At least that is what I think he was referring to.
        fr0thy2.
        • Exactly.

          Get ready for this because its going to happen; mark this post because you will be able to look back and say, "I read it here first!" The same brainless AppleJacks that refuse to concede that a large part of Windows security concerns, relative to the other operating systems is that Windows has almost complete dominance in the market place and taking the effort to create working exploits for the others would be almost pointless if it was being done for anything more then a hobby.

          Lets just see how many iPhones do sell. I bet once the streets a crawling with then their will be one patch after another, and what do you think the AppleJacks are going to say??? Its such a popular phone the hackers are out to target it and ignore the others. And they would be right; just as right as those who point out that a majority of Windows exploits exist because its a worthwhile target to develop exploits for.
          Cayble
    • Less bugs...

      should be "fewer bugs."
      levinson
    • Gun Jumping

      Excellent, insightful and original points, though perhaps to be held in abeyance until
      someone actually says something about Microsoft in the threads.
      DannyO_0x98
  • C'mon now, let's be professional about this

    I'm a Windows XP user with a legacy "Next Generation" iMac on his desk, so don't mistake me for a Mac fan spouting off.

    "Monster Update"? Let's be a little more professional about our reporting, shall we? I just downloaded and installed this single, 15.1 MB update. I, like most of the world, don't have an iPhone, so I guess those folks will have a bit more to download. The download and installation tooks seconds, and it was painless.

    I've seen much bigger Mac updates. I've seen much bigger Windows updates. So what's the big deal about this one? It certainly should not be sensationalized, as your article does.
    SteveMak