Apple have released updated versions of OS X Lion (10.7.2), Snow Leopard (Security Update 2011-006), iOS (5), Numbers for iOS (1.5) and Pages for iOS (1.5) to resolve numerous security issues.
Beginning with OS X 10.7.2/Security Update 2011-006 for OS X 10.6 there are 75 known vulnerabilities that are fixed with these updates. Most could lead to arbitrary code execution, while others lead to denial of service or privilege escalation. It weighs in at a whopping 880MB with recovery download.
Vulnerabilities of note include:
- Improper storage and handling of web cookies
- File Vault 2 leaving 250MB of unencrypted data accessible if system used before encrypting
- Screen lock password bypass for Cinema Display users
- Firewire DMA access allowed password recovery during boot/shutdown
- Open Directory flaws allowed reading other users password hashes
- Open Directory flaws allowed changing password without old password
- Open Directory flaws allowed logging in without a password
Additionally Apple notes that Disk Image (.dmg) and installer packages (.pkg) files are no longer included in “safe” file types.
This is good news as Safari should no longer open these file types by default. This trust was abused by fake anti-virus distributors targeting OS X earlier this year.
In addition to introducing iCloud support and all kinds of other great features, iOS 5 also had a slew of security fixes. My count includes 98 vulnerabilities fixed in this release, including the following noteworthy fixes:
- CalDEV credentials could be intercepted due to invalid certificate checking
- AppleID password was logged to a plaintext file readable by applications
- Improper storage and handling of web cookies
- Revoked trust in DigiNotar root certificates
- iOS will no longer accept X.509 certificates using MD5 hashes (except trusted root certs)
- Support for TLS 1.2 (to support connections secured against BEAST attacks)
- Parental Controls password was stored in plaintext file and readable by applications
- 69 WebKit (HTML rendering/Browser) vulnerabilities including arbitrary code execution
- WiFi passphrases and encryption keys stored in plaintext and readable by applications
Other patches released include Safari 5.1.1 fixing 43 vulnerabilities, Numbers for iOS fixing 2 vulnerabilities, 1 fix for Pages for iOS and 8 fixes for AppleTV (including DigiNotar root certificates being removed).
Update: More details about some of the Safari vulnerabilities have been published. At least of few of these are scary dangerous. If you use Safari on Windows or Mac, apply these updates immediately.
While some users are reporting issues downloading these updates you should still apply them as soon as possible. It appears Apple is under a denial of service condition from the number of people attempting to update all at one.
Want to keep your precious Mac as pure and clean as when you opened the box? Download Sophos Anti-Virus for Mac Home Edition for free to keep it as good as new…
Leave a reply
