All Posts

3 posts

Apple Security Update for Mac OS X and iOS

Apple today published a security update for Mac OS X 10.7 (Lion), 10.8 (Mountain Lion) and 10.9 (Mavericks). The update addresses 13 distinct vulnerabilities across many aspects of Mac OS X, for example:

  • CVE-2014-1319 – an overflow in JPEG handling that can lead to Remote Code Execution (RCE) in 10.9 (Mavericks)
  • CVE-2014-1315 – a format string issue in the URL handling that can lead to RCE in 10.9 (Mavericks)
  • CVE-2014-1314 – a Sandbox escape vulnerability in 10.8 (Mountain Lion) and 10.9 (Mavericks)
  • CVE-2013-5170 – a PDF parsing vulnerability that can lead to RCE in 10.8 (Mountain Lion)

An SSL bug was also addressed in CVE-2014-1295 but it is unrelated to the Heartbleed bug in OpenSSL. Apple ships with OpenSSL 0.9.8, a version that is not affected by Heartbleed.

Not surprisingly, given their similar heritage, Apple also published a new version of iOS that addresses some of the same issues. Version 7.1.1 fixes three CVEs in common plus another 16 in WebKit, the basis for the Safari browser. Apple had addressed similar vulnerabilities with Safari 7.0.3 and 6.1.3 in early April.

We recommend installing the new versions both for Mac OS X and iOS as quickly as possible.

Disabling IPv6 – Updated

Update: As Mike pointed out in the comments, to disable IPv6 completely on the host, rather than on just the selected adapter, one needs to change the HKLM\SYSTEM\CurrentControlSet\
DisabledComponents and set it to 0xffffffff.


Apple updates Mac OS X and Safari

Apple published security patches to its Mac OS X operating system (OS) today. The three currently maintained releases of the OS, 10.8 (Mountain Lion), 10.7 (Lion) and 10.6 (Snow Leopard), are receiving patches, with Lion’s version being updated to 10.8.3. In total, 21 vulnerabilities are addressed, including the high-profile CVE-2013-0156, an issue in the Ruby on Rails implementation in Mac OS X Lion server.

Apple also released a new version of the Safari web browser which fixes 17 vulnerabilities, all of them located in the WebKit rendering engine.

We recommend installing as soon as possible.