Mega Apple patch fixes iPhone, Safari, OS X bugs

Update repairs 54 vulnerabilities

Shaun Nichols in California

Apple has released security updates for three of its most high-profile products, patchting 54 vulnerabilities in its iPhone software, Safari 3 beta browser, and the OS X operating system.

The first update in the iPhone's history addressed four flaws. The update include patches for two flaws for the embedded Safari browser that leaves users vulnerable to cross-site scripting attacks and remote code execution, which could lead to theft of confidential information.

Advertisement

Also fixed is a flaw in the WebKit component that could allow an attacker to use what the company calls "look-alike characters" in the URL bar to trick unwary users into visiting malicious web sites. The WebKit flaw is also patched in the Safari and OS X updates.

Unconfirmed reports have suggested that the update disables various hacks and cracks that allowed users to circumvent key parts of the activation process. Apple did return a phone call seeking confirmation of those reports.

The iPhone update is installed automatically when users insert their devices into the dock.

With 45 security updates, OS X received the vast majority of the security fixes. Apple reported that 11 of the flaws could lead to the execution of arbitrary code, which is typically considered the most severe type of security bug. Other flaws included cross site vulnerabilities, buffer overflows and privilege escalation.

The iChat and Preview applications were among the components that leave the user vulnerable to the remote execution of malicious code.

The update also addresses four flaws in WebCore, the system component used to render HTML files. If exploited, the WebCore flaws could allow an attacker to execute malicious java applets without the user's permission, or steal confidential information through a cross-site scripting attack.

Mac users and iPhone owners are not the only people affected by today's update. Apple also released an update for Safari that patches four vulnerabilities in the Windows XP and Vista versions of the web browser. Three of the patches also affect the Mac version.

The impact of the Safari vulnerabilities range from cross-site scripting flaws to remote code execution.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

old computer

Government honours veterans of Bletchley Park at last

Surviving veterans of the code-breaking facility to receive badge of...

Motorola MC55 Enterprise Digital Assistant

Review: Motorola MC55 Enterprise Digital Assistant

A rugged Windows Mobile device for mobile workers

BT

BT promises 1.5m fibre connections by summer 2010

Telco begins major rollout in 69 locations across the UK

Primary Navigation