Apple Updates Mac OS, Addresses Several Security Flaws
Recently, Apple released Mac OS X 10.6.8 and mitigated several security vulnerabilities.

The vendor has also addressed multiple security vulnerabilities associated with various components. The addressed security flaws include an out-of-bounds memory read issue in the way AirPort handles Wi-Fi frames. The issue may allow an attacker on the same network to cause a system reset when the system is connected to Wi-Fi. The security update mitigates an error handling issue in Certificate Trust Policy that could cause a revoked certificate to be accepted; the issue is mitigated because most Extended Validation (EV) certificates specify an OCSP URL. The vendor has resolved a heap buffer overflow issue in the way ImageIO handles JPEG2000 images, which may cause application termination or execution of arbitrary code on a visit to a malicious website. The security update addresses an issue in MobileMe, wherein Mail makes requests over HTTP to identify a user's e-mail aliases, by introducing SSL for those requests. The issue may allow attackers with a privileged network position to read e-mail aliases.
Apple has updated MySQL to 5.0.92 and mitigated several security flaws, the most critical of which could result in arbitrary code execution. OpenSSL has also been updated to mitigate several vulnerabilities, the most serious of which could cause execution of arbitrary code. The security update resolves a memory corruption issue in the way QuickLook handles Microsoft Office files, which could lead to unexpected application termination or execution of arbitrary code on downloading a malicious Word file. It also resolves an integer overflow issue in the way QuickTime handles RIFF WAV files, which could cause execution of arbitrary code or application termination on viewing a malicious WAV file. The vendor removed the XML-RPC interface to resolve an XML external entity issue in the way servermgrd handles XML-RPC requests. The latest security update also resolves an integer overflow in the way CoreGraphics handles Type 1 fonts, which could cause application termination or arbitrary code execution on opening a malicious PDF file.
The issues were identified and reported by in-house experts as well as professionals associated with other vendors and security firms. Cyber-attackers attempt to exploit the time lag between the release of an update and its actual installation by users. Internet users must immediately update to the latest version to avoid exploitation of the security flaws by attackers. Professionals qualified in masters of security science and IT security certifications may help businesses in identifying and implementing necessary security updates.
Cyber security awareness is crucial to improving resistance to emerging threats. Advertisements, e-tutorials, and the encouragement of online degree courses on cyber security may help improve awareness of security topics. Distance learning and online university degree courses may help working IT professionals enhance their expertise to deal effectively with emerging security threats.
Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228
EC-Council University is based in Albuquerque, New Mexico, and offers a Master of Security Science (MSS) degree to students from various backgrounds, such as graduates, IT professionals, and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.