News Articles

Apple patches a dozen holes with latest security update

Apple recently released an update that fixes a dozen vulnerabilities affecting Mac OS X 10.5 and 10.6. Seven of the 12 fixes for the security update, Apple's first of the year, concentrate on several issues with the Flash Player plug-in, including one that could allow an attacker to take control of the computer if the user visits a malicious website. Also patched were holes in CoreAudio, ImageIO, and Image RAW that could lead to arbitrary code execution and allow an attacker to take control of the computer if a malicious MP4 audio file were played, or malicious Tagged Image File Format or Digital Negative images were viewed. The release also affects OpenSSL, fixing a vulnerability that exists in the SSL and TLS protocols used to secure communications over the internet. The vulnerability, discovered by researchers at PhoneFactor in August 2009, could allow someone to capture data or modify operations performed in protected sessions. Additionally, Apple released an update to its Boot Camp 3.1 that the company said “adds support for Microsoft Windows 7 (Home Premium, Professional, and Ultimate).”