« Something's going down in Cupertino | Main | iPhone update disables hacks »
More new patches out
In typical fashion, Apple released a monster OS X security update today. The update fixes 45 vulnerabilities ranging from simple cross-site scripting to the ability to remotely execute code. Safari and iPhone also saw updates.
Remote code execution is a big thing over on the PC side, as it allows attackers to install malware on a user's system with something as simple as specially-crafted web site. Since there's no real malware out there for OS X, the remote code vulnerabilities are not as sexy.
Still, there's plenty of other scary holes to be found...
All three of the flaws contain a fix for WebKit, a component used to render HTML and Jacascript in Safari and OS X. According to Apple's description, the fonts used by webkit lend themselves particularly well to "look-alike" URLs that at first glance appear to be addresses for legitimate web sites.
There are also numerous flaws in the OS X WebCore component that can allow for such nasty things as cross-site scripting and information disclosure.
The automatic update software should be able download all three updates, though the OS X and Safari updates are also available through Apple's website.
Seems worth a download and a restart to me.
Post a comment