Stephen Withers
Friday, 15 April 2011 08:18
Apple's latest set of security updates covers a relatively short list of issues, but Mac OS X and iOS are both affected, along with Safari for Mac and Windows.
Earlier this week we reported on Microsoft's massive patch release for Windows. Now Apple has followed suit.
Since iOS seems to be the flavour of the month, that's where we'll start.
iOS 4.3.2 addresses the problems caused by certification authority Comodo issuing nine certificates to an applicant without performing appropriate identity checks. The update from Apple blacklists those certificates, as does a Windows patch that Microsoft issued last month.
4.3.2 also delivers a trio of patches for problems reported through HP subsidiary TippingPoint's Zero Day Initiative, which pays for vulnerabilities. Two are in WebKit, and involve exploiting integer overflow or use-after-free conditions to allow a maliciously crafted page to cause arbitrary code execution or a crash. The other is in QuickView, and allows a maliciously crafted Microsoft Office file to cause arbitrary code execution or a crash.
The final security issue was uncovered at Google. The libxslt library's implementation of a certain function disclosed the address of the heap buffer, which could be used to help bypass address space layout randomisation, a technique that makes it harder to write successful exploits.
Some of these flaws date back to iOS 3.0.
What else has changed in iOS, and what other software is affected? Please read on.