Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Mobile
    • PC Hardware

    Apple Fixes Major Bugs in Mac OS X, iOS 5, iTunes With iCloud Launch

    By
    Fahmida Y. Rashid
    -
    October 12, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Coinciding with the launch of its new iCloud service, Apple has rolled out massive updates fixing scores of security vulnerabilities in Mac OS X, iOS and related software.

      The latest mobile operating system, iOS 5, went live Oct. 12, which requires the latest version of iTunes to install. Apple released a new version of its iTunes software for Windows on Oct. 11. If those two major upgrades weren’t enough, Apple also updated the Mac OS X Lion operating system with 10.7.2. A security update for Snow Leopard users, 10.6, is also available.

      Users trying to access so many updates so close together are putting a strain on Apple servers, resulting in long download times and strange error messages when trying to install, according to irate users on Twitter and Apple support forums.

      The upgrades are necessary for users interested in using iCloud to synchronize music, photos, documents and other files across their iPhone, iPad or iPod Touch and the Mac desktop. The latest iTunes, version 10.5, is necessary to upgrade to newer models of the iPhone, iPad and iPod Touch to iOS 5. Both the Mac and Windows versions of iTunes have all the features necessary to take advantage of iCloud support, wireless synchronization and iOS 5.

      The iTunes 10.5 for Windows update patched 79 security vulnerabilities in a slew of components, including WebKit, ColorSync, CoreFoundation, CoreAudio, CoreMedia and ImageIO, according to Apple’s advisory. WebKit alone accounted for 73 bugs that Apple fixed in this version of iTunes. The framework is a core part of iTunes and the Safari Web browser, and all but one of the bugs were memory corruption vulnerabilities. Several of the bugs, if exploited, could have resulted in an attacker remotely executing code on the affected Mac. Other WebKit issues would have resulted in denial-of-service conditions or crashed iTunes, according to Apple.

      Apple fixed the security issues in iTunes only in the Windows version, and rolled the fixes into the OS X updates for Mac users.

      In the Mac OS X 10.7.2 update and the update for 10.6 (Snow Leopard), Apple fixed 75 known vulnerabilities in the operating system, Chester Wisniewski, senior security adviser at Sophos, told eWEEK. Most could lead to arbitrary code execution, while others could result in denial of service or escalation of privileges, Wisniewski said.

      Apple addressed “quite a few important security issues,” including the vulnerabilities with Open Directory that had been introduced this summer with the release of Lion, the latest Mac OS X operating system. The various flaws in Open Directory allowed people to read other users’ password hashes, change passwords without having to know the old password and log into the system without a password, according to Wisniewski. The OS X update also fixed how Web cookies are stored and handled so that malicious sites can no longer read information stored on them.

      In addition, Apple released a new version of the Safari Web browser for Lion and Snow Leopard. Wisniewski estimated there were approximately another 70 security flaws fixed in the browser update.

      Apple also removed the DigiNotar certificates from its mobile devices in iOS 5. While the company had removed the embattled certificate authority from the desktop last month after reports emerged of attackers compromising DigiNotar to issue fraudulent Secure Sockets Layer (SSL) certificates for major Websites, mobile devices running Safari had remained unprotected.

      There is already a jailbreak available for iOS 5. At the moment, only a tethered jailbreak exists for iOS 5 running on iPhone 4 and 3GS, iPad and iPod Touch. A tethered jailbreak means the user has to connect the mobile device to the computer to run the code. An untethered jailbreak is expected shortly, according to rumors.

      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×