Monday, March 29, 2010

Apple Mega Patch Covers 88 Mac OS X Vulnerabilities

Via -

Apple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping with fixes for 88 documented vulnerabilities.

The Mac OS X v10.6.3 update, which is considered "critical," covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.

In some scenarios, a malicious hacker could take complete control of a Mac-powered machine if a user simply views a malicious image or movie file.

The update covers critical vulnerabilities in AppKit, QuickTime,CoreMedia, CoreTypes, DiskImages, ImageIO and Image RAW.

It also covers holes in several open-source components, including Apache, ClamAV, MySQL, PHP.

Here's the full list of the patched vulnerabilities.

The Security Update 2010-002 / Mac OS X v10.6.3 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web page.


That a big list of CVEs -

Unfortunately, this meta patch does not include a fix for the bug used by Charlie Miller at PWN2OWN 2010.

New patch doesn't fix pwn2own bug. Sorry suckers, gonna have to wait for the next patch :p


According to Computerworld....
Security Update 2010-002 plugged 92 holes in the client and server editions of Mac OS X 10.5 and Mac OS X 10.6, breaking a record that has stood since March 2008. The update dwarfed any released last year, when Apple's largest patched 67 vulnerabilities.....More than 40% of the vulnerabilities patched today, 37 out of the 92, were accompanied by the phrase "may lead to arbitrary code execution," which is Apple's way of saying that a flaw is critical and could be used by attackers to hijack a Mac.

No comments:

Post a Comment