Apple patches 25 flaws

Apple released its fourth security update of the year on Thursday, patching 25 software flaws, including 14 that allow malicious code execution.

It is the tech giant’s first bulletin distribution since March 13, when it fixed 30 vulnerabilities.

Among the patches released on Thursday were three for Kerberos administration, all of which could lead to unexpected application termination or arbitrary code execution with system privileges, according to Apple’s advisory.

Another buffer overflow vulnerability was patched in the AirPort Driver module, which an attacker can exploit by sending malformed control commands.

Apple also patched two bugs in libinfo and three flaws in Login Window.

Researcher Landon Fuller pointed out on his blog that a newly fixed bug in QuickTime RTSP URL handling was part of the Month of Apple Bugs. The flaw is caused by a boundary error when handling RTSP URLs, which can be exploited to cause a stack-based buffer overflow.

Fuller said today that he disapproves of the methods used in the Month of Apple Bugs project.

Click here to email Online Editor Frank Washkuch Jr.
