14 DAY TRIAL // Apple has patched a number of security holes in both Mac OS X and iOS with the release of several software updates whose contents are nearly identical, excepting specific platform fixes.
A bug exploited by Charlie Miller and Dion Blazakis working with TippingPoint's Zero Day Initiative is one of the vulnerabilities fixed in iOS 4.3.2 and iOS 4.2.7, where a memory corruption in QuickLook’s handling of Microsoft Office files could be used by an attacker to execute code, if a user viewed a malicious file.
Another important patch, targeting both Mac OS X and iOS customers, involves several fraudulent SSL certificates issued by a Comodo affiliate registration authority.
“This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information,” Apple states while documenting the contents of ‘Security Update 2011-002’.
“This issue is addressed by blacklisting the fraudulent certificates,” the company outlines. A Server-oriented version of the update is available as well.
The Mac maker notes that, “For iOS, this issue is addressed with iOS 4.3.2 and iOS 4.2.7.”
Finally, an update bringing the Safari web browser to version 5.0.5 contains two code corrections for the WebKit page rendering engine, as well as the Certificates Trust Policy fix for Mac OS X users.
The security advisory explains that Windows PC users will not get the exact same update because the Windows version of Safari relies on the certificate store of the host operating system to determine if an SSL server certificate is trustworthy.
As such, “Applying the update described in Microsoft Knowledge Base Article 2524375 will cause Safari to regard these certificates as untrusted,” Apple explains.
Those interested to learn more are directed to Microsoft’s own Support site here.
Softpedia readers can download the latest security updates from Apple using the links below.
Download iOS Software Update 4.3.2 / 4.2.7 for iPhone, iPod touch (Free)
Download iOS 4.3.2 Software Update for iPad (Free)
Download Security Update 2011-002 for Mac OS X
Download Security Update Server 2011-002 for Mac OS X Server