Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Mobile
    • PC Hardware

    Apple Fixes Major Bugs in Mac OS X, iOS 5, iTunes With iCloud Launch

    By
    Fahmida Y. Rashid
    -
    October 12, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Coinciding with the launch of its new iCloud service, Apple has rolled out massive updates fixing scores of security vulnerabilities in Mac OS X, iOS and related software.

      The latest mobile operating system, iOS 5, went live Oct. 12, which requires the latest version of iTunes to install. Apple released a new version of its iTunes software for Windows on Oct. 11. If those two major upgrades weren’t enough, Apple also updated the Mac OS X Lion operating system with 10.7.2. A security update for Snow Leopard users, 10.6, is also available.

      Users trying to access so many updates so close together are putting a strain on Apple servers, resulting in long download times and strange error messages when trying to install, according to irate users on Twitter and Apple support forums.

      The upgrades are necessary for users interested in using iCloud to synchronize music, photos, documents and other files across their iPhone, iPad or iPod Touch and the Mac desktop. The latest iTunes, version 10.5, is necessary to upgrade to newer models of the iPhone, iPad and iPod Touch to iOS 5. Both the Mac and Windows versions of iTunes have all the features necessary to take advantage of iCloud support, wireless synchronization and iOS 5.

      The iTunes 10.5 for Windows update patched 79 security vulnerabilities in a slew of components, including WebKit, ColorSync, CoreFoundation, CoreAudio, CoreMedia and ImageIO, according to Apple’s advisory. WebKit alone accounted for 73 bugs that Apple fixed in this version of iTunes. The framework is a core part of iTunes and the Safari Web browser, and all but one of the bugs were memory corruption vulnerabilities. Several of the bugs, if exploited, could have resulted in an attacker remotely executing code on the affected Mac. Other WebKit issues would have resulted in denial-of-service conditions or crashed iTunes, according to Apple.

      Apple fixed the security issues in iTunes only in the Windows version, and rolled the fixes into the OS X updates for Mac users.

      In the Mac OS X 10.7.2 update and the update for 10.6 (Snow Leopard), Apple fixed 75 known vulnerabilities in the operating system, Chester Wisniewski, senior security adviser at Sophos, told eWEEK. Most could lead to arbitrary code execution, while others could result in denial of service or escalation of privileges, Wisniewski said.

      Apple addressed “quite a few important security issues,” including the vulnerabilities with Open Directory that had been introduced this summer with the release of Lion, the latest Mac OS X operating system. The various flaws in Open Directory allowed people to read other users’ password hashes, change passwords without having to know the old password and log into the system without a password, according to Wisniewski. The OS X update also fixed how Web cookies are stored and handled so that malicious sites can no longer read information stored on them.

      In addition, Apple released a new version of the Safari Web browser for Lion and Snow Leopard. Wisniewski estimated there were approximately another 70 security flaws fixed in the browser update.

      Apple also removed the DigiNotar certificates from its mobile devices in iOS 5. While the company had removed the embattled certificate authority from the desktop last month after reports emerged of attackers compromising DigiNotar to issue fraudulent Secure Sockets Layer (SSL) certificates for major Websites, mobile devices running Safari had remained unprotected.

      There is already a jailbreak available for iOS 5. At the moment, only a tethered jailbreak exists for iOS 5 running on iPhone 4 and 3GS, iPad and iPod Touch. A tethered jailbreak means the user has to connect the mobile device to the computer to run the code. An untethered jailbreak is expected shortly, according to rumors.

      Fahmida Y. Rashid
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×