Patch/Configuration Management, Vulnerability Management

Apple super-patch fixes 31 vulnerabilities, including wireless driver flaw

Apple fixed 31 vulnerabilities in the seventh Mac OS X security update of the year, including a fix for a dangerous wireless driver flaw that could lead to arbitrary code execution.

That particular memory corruption vulnerability in the AirPort driver used in popular Macintosh laptops such as iBook and PowerBook, was reported by H.D. Moore as part of November's Month of Kernel Bugs project, an initiative kicked off by a security researcher using the handle LHM.

Mitchell Ashley, StillSecure CTO, told today said he thinks the driver flaw is the most significant fix because many Mac users rely on wireless connectivity.

The security update also corrects flaws in the Apple Type Services (ATS) server, the open-source ClamAV anti-virus toolkit and the CFNetwork framework. Vulnerabilities also were corrected in OS X's underlying open-source components, including OpenSSL, PERL (Practical Extraction and Reporting Language) and PHP (PHP Hypertext Preprocessor).

Vulnerability assessment firm Secunia rated the update "highly critical," with many of the 31 vulnerabilities remotely exploitable.

Ashley said the security world should brace for continued frequent updates from Apple as attackers more seriously target OS X, long considered a more secure platform to Windows.

He said recent advertisements that market Macs as inherently more secure that Windows could backfire.

"I think the Apple community still believes they work with the most secure operating system, and I think it's time to realize that you have to take every operating system seriously and not be complacent about security," Ashley said.

He added that he would not be surprised if Apple began pushing out monthly updates as does Microsoft.

An Apple spokesperson could not be reached for comment today.

Click here to email Dan Kaplan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.