Friday, November 26, 2010

Apple has it's Security Problems Too as Large Set of Fixes Released

As is seen by the latest set of Apple security patches their OS isn't immune to problems and threats. I see Apple systems all the time that have security issues and for the most part their users just can't believe that there are any possible security risks if you just use Apple. I only wish that were true. And no doubt Apple stands much above MS Windows in areas of security. But that risk is increasing all the time as Apple becomes a larger part of the market and is targeted more and more by hackers. And MS has really turned up the screws when it comes to safer code and better procurers to produce and test their code. So a word to the wise, don't think that MS can't be a safe system and don't believe that Apple is totally secure. Security issues and risks are found in both OS's and they will only become worse computers continue to become more and more integrated into the cloud.

Amplify’d from

Just when you think they can't pull another one off, Apple does it again. No, we're not talking about killer consumer electronics products, we're talking about security updates of record-setting girth.

Only 45 of the 85 vulnerability fixes described in Apple's latest iOS security advisory apply to the new iOS 4.2 version. iOS 3.2 through 3.2.2 for iPad incorporates another 40 fixes on top of those. 8 of the vulnerability fixes for iOS also affect Apple TV and are fixed in the new version 4.1 of that product.

It's always fun to look for the oldest vulnerability listed by Apple and this update is no exception. CVE-2009-1707, revealed to the public on 6/10/2009 and just fixed today, describes an error which could allow a user with physical access to the device to view stored web site passwords. It's not the most serious bug, but 17 months+ is a long time.

But many of the other vulnerabilities are classic critical bugs where reading a file can lead to remote code execution. Normal users run in a less privileged mode, but combined with CVE-2010-3830 ("Malicious code may gain system privileges"), a more severe compromise is possible.

Time to go to iTunes and apply updates.


No comments: