Apple delivers security updates for iOS and Safari

Apple has released security updates for iOS, Safari and Mac OS X, including a patch to address a vulnerability in the SSL system caused by the security breach at Comodo last month.

A hacker used stolen data from Comodo to craft a series of fraudulent SSL certificates.

Apple said that the updates change its trust policy to recognise and block the fraudulent SSL certificates.

The update will be rolled out to iPhone, iPad and iPod Touch users running iOS 4.2 and 4.3, as well as OS X and the Mac and Windows versions of Safari.

Apple has also issued fixes for two flaws in the WebKit browser platform, which could be exploited by an attacker to perform a remote code execution attack.

The iOS 4.3.2 update also patches a remote code execution flaw in the QuickLook component and a possible data disclosure flaw in the libxslt software. A fix for the QuickLook vulnerability is also being included in the iOS 4.2.7 update.

iOS users can obtain the security fix by connecting the handset to iTunes via a Mac or PC connection. The Safari and OS X updates can be obtained through Apple's Software Update utility.

The release comes in a busy week for security patches. Microsoft released a record-breaking number of security fixes on Tuesday, while Adobe warned of a flaw in its Flash Player software which is being targeted in the wild.