Security Architecture, Cloud Security, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Apple releases OS X, iOS, Safari updates

Apple on Wednesday issued much-anticipated updates for its Mac OS X and iOS mobile operating system, adding support for its new iCloud service and fixing a bevy of security flaws in the process.

The new mobile operating system, iOS 5, contains approximately 98 security fixes, according to the company's  release notes. The iOS update addresses a number of “noteworthy” issues, including flaws that caused users' Apple ID passwords to be logged in a plain text file, readable by applications, Graham Cluley, senior technology consultant at Sophos, said in a blog post Wednesday.

Additionally, the update removes DigiNotar from the list of trusted root certificates. The Dutch-based certificate authority, which since has gone bankrupt, recently issued hundreds of counterfeit SSL certificates, .

On the desktop and server side, the Mac OS X Lion (10.7) and Snow Leopard (10.6) platforms received updates.

They fix approximately 72 security holes, which could lead to arbitrary code execution, denial of service or privilege escalation, according to Apple's release notes. The updates also fix various flaws uncovered in September that could have allowed an attacker to easily obtain users' encrypted passwords, and even change such credentials without authorization.

Users, meanwhile, must install the updates to take advantage of iCloud, Apple's new service, which allows users to avoid locally storing music, photos, apps, calendars and documents.

High demand for the new iOS and OS X versions has placed a strain on Apple's servers, causing some users to experience long download times and strange error messages during the install process, according to reports. Consequently, users may want to hold off updating for a day or two, Cluley recommended.

“I'd much rather wait until the teething problems have been sorted out, and then consider whether the new features built into Apple's operating system are what I'm after,” Cluley wrote.

The security upgrades don't end there. Apple on Thursday also released an update to its Safari web browser for users of Windows, Lion and Snow Leopard. The new version, Safari 5.1.1, shores up approximately 70 vulnerabilities. The Safari update is bundled with the Mac OS X Lion 10.7.2 upgrade and is available for a separate download for Snow Leopard users.

The total number of security problems fixed this week in its various products is “certainly a record for Apple,” researchers at Mac security firm Intego, said in a blog post Wednesday.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.