
More than two dozen Mac flaws fixed

Apple patched 26 flaws - a number of which exposed end users to remote code execution - in a software release this week.

One critical fix is for a flaw in the Canon RAW format image viewer, which could allow malicious code to run uninvited on a Mac. Other critical patches were for image viewer flaws with GIF and TIFF files.

Patches were also released for critical flaws – meaning they could allow malicious code execution – in fetchmail when downloading from a malicious POP3 server and in DHCP.

A number of other holes were fixed within OS X's AFP server, used for file sharing.

Mike Murray, director of vulnerability and exposure research at nCircle, said today that the patched vulnerabilities aren't surprising, but that the growing use of Macs has led to a growth in malicious attacks against OS X.

"It's always interesting to see someone other than Microsoft affected by all these problems," he said. "If we saw this sort of thing from Microsoft or Oracle, we'd just shrug our shoulders. They're just plain old, everyday, ho-hum patches."

OS X has increasingly become a focus of malicious users in recent months, with one study by McAfee Avert Labs warning that vulnerability discovery rates for Mac have risen by 228 percent in the past three years alone, from just 45 in 2003 to 143 last year.

During that same period, Microsoft saw a 73-percent increase in flaws discovered.

Alfred Huger, senior director of engineering for Symantec Security Response, said the patched flaws are not as common as they seem.

"The vulnerabilities themselves, they're not a lot of vanilla-flavored buffer overflow. That's something new for Apple," he said. "The vulnerabilities we're seeing here are almost full circle. You're seeing vulnerabilities you used to see eight or nine years ago in the Unix world."

Arrigo Triulzi, researcher at the SANS Institute's Internet Storm Center, said Tuesday that the OS X patches are similar to previous Mac fixes.

"My reaction to most of this is 'haven't we seen this before?' because quite frankly, most of these holes above have been seen in older fixes a while back," he said on the ISC's cooperative cyberthreat monitor and alert system.
