‫ Apple patches Secure Transport, but not because of Heartbleed

Date: 2014-04-23

According to “computerworld”, Apple today issued a security-only update for OS X, patching 25 vulnerabilities in Mavericks, its newest operating system, and 7 bugs in older editions.

Along with the two-dozen-plus-one patches for Mavericks, the update also addressed two bugs in Lion and seven in Mountain Lion, the precursors to Mavericks which shipped in 2011 and 2012, respectively.

Apple has stopped shipping security updates for OS X Snow Leopard, the 2009 edition that powered 17% of all Macs last month.

Security Update 2014-002 contained patches for several run-of-the-mill vulnerabilities, a font parsing bug while viewing malformed PDFs.

"An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL," read Apple's advisory for CVE-2014-1295.

Although the vulnerability wasn't associated with the Heartbleed exploit -- the flaw in OpenSSL that has made headlines for the two weeks -- the mere mention of "SSL" in Apple's advisory was enough to instantly put the bug in the limelight.

The Cupertino, Calif. company patched its Secure Transport -- Apple's name for its implementation of SSL and TLS (Transport Layer Security) -- in Mavericks and Mountain Lion. The bug did not affect Lion and earlier editions of the Mac operating system.

In a separate update, Apple also patched iOS's implementation of Secure Transport with iOS 7.1.1. The update fixed a number of other flaws, most of them in WebKit, the open-source browser engine that powers Safari.

Security Update 2014-002, an 80MB download for Mavericks, can be retrieved by selecting "Software Update..." from the Apple menu, or by opening the Mac App Store application and clicking the Update icon at the top right.


بدون نظر
شما برای نظر دادن باید وارد شوید


تاریخ ایجاد: 3 اردیبهشت 1393



امتیاز شما
تعداد امتیازها:0