Apple servers were slammed as users attempted to download updates to iTunes, Mac OS X 10.7.2 and iOS 5 that contain many security fixes.
with the launch of its new iCloud service, Apple has rolled out massive updates
fixing scores of security vulnerabilities in Mac OS X, iOS and related
latest mobile operating system, iOS 5, went live Oct. 12, which requires the
latest version of iTunes to install. Apple released a new version of its iTunes software for Windows
Oct. 11. If those two major upgrades weren't enough, Apple also updated the Mac
OS X Lion operating system with 10.7.2. A security update for Snow Leopard
users, 10.6, is also available.
trying to access so many updates so close together are putting a strain on
Apple servers, resulting in long download times and strange error messages when
trying to install, according to irate users on Twitter and Apple support
upgrades are necessary for users interested in using iCloud to synchronize
music, photos, documents and other files across their iPhone, iPad or iPod
Touch and the Mac desktop. The latest iTunes, version 10.5, is necessary to
upgrade to newer models of the iPhone, iPad and iPod Touch to iOS 5. Both the
Mac and Windows versions of iTunes have all the features necessary to take
advantage of iCloud support, wireless synchronization and iOS 5.
iTunes 10.5 for Windows update patched 79 security vulnerabilities in a slew of
components, including WebKit, ColorSync, CoreFoundation, CoreAudio, CoreMedia
and ImageIO, according to Apple's advisory. WebKit alone accounted for 73 bugs
that Apple fixed in this version of iTunes. The framework is a core part of
iTunes and the Safari Web browser, and all but one of the bugs were memory
corruption vulnerabilities. Several of the bugs, if exploited, could have
resulted in an attacker remotely executing code on the affected Mac. Other
WebKit issues would have resulted in denial-of-service conditions or crashed
iTunes, according to Apple.
fixed the security issues in iTunes only in the Windows version, and rolled the
fixes into the OS X updates for Mac users.
the Mac OS X 10.7.2 update and the update for 10.6 (Snow Leopard), Apple fixed
75 known vulnerabilities in the operating system, Chester Wisniewski, senior
security adviser at Sophos, told eWEEK
Most could lead to arbitrary code execution, while others could result in
denial of service or escalation of privileges, Wisniewski said.
addressed "quite a few important security issues," including the
vulnerabilities with Open Directory that had been introduced this summer with
the release of Lion, the latest Mac OS X operating system. The various flaws in
Open Directory allowed people to read other users' password hashes, change
passwords without having to know the old password and log into the system
without a password, according to Wisniewski. The OS X update also fixed how Web
cookies are stored and handled so that malicious sites can no longer read
information stored on them.
addition, Apple released a new version of the Safari Web browser for Lion and
Snow Leopard. Wisniewski estimated there were approximately another 70 security
flaws fixed in the browser update.
also removed the DigiNotar certificates from its mobile devices in iOS 5. While
the company had removed the embattled certificate authority from the desktop
last month after reports emerged of attackers compromising DigiNotar to issue
fraudulent Secure Sockets Layer (SSL) certificates for major Websites, mobile
devices running Safari had remained unprotected.
is already a jailbreak available for iOS 5. At the moment, only a tethered
jailbreak exists for iOS 5 running on iPhone 4 and 3GS, iPad and iPod Touch. A
tethered jailbreak means the user has to connect the mobile device to the
computer to run the code. An untethered jailbreak is expected shortly,
according to rumors.