Apple delivers updates related to Comodo, Pwn2Own

Apple on Thursday released security updates for its Mac OS X operating system and Safari web browser, as well as a number of other products in its portfolio, including the iPhone, iPad, iTouch and Apple TV.

The Mac OS X update, for versions 10.5 and 10.6, solely addresses the recent theft of nine digital certificates from Comodo.

A fraudster could have used the fake SSL certificates – issued for sites such as Google, Yahoo, Skype and Microsoft's Hotmail – to create a fake website that was able to bypass a browser's validity mechanism and appear like the real thing to users. The attacker would then be able to spoof content or perform phishing and man-in-the-middle attacks to steal credentials or spy on users. The fix issued on Thursday places the toxic certificates on a blacklist so they can't be used on Safari.

Meanwhile, the newly issued Safari 5.0.5 addresses two vulnerabilities that could have led to unexpected application termination or arbitrary code execution if a user visits a malicious website.

Apple's mobile device suite also saw fixes with the release of iOS 4.3.2 8H8 (4.2.7 for the Verizon iPhone). Among the issues addressed are bugs exposed during CanSecWest's Pwn2Own hacker competition last month in Vancouver.
