Apple issues seven updates, fixes more than 40 vulnerabilities in Mac OS X Mavericks
Exploitation of these flaws allows execution of arbitrary code on the target system, bypass of address space layout randomization (ASLR), and so on.
Late last week, Apple released the Mac OS X Mavericks 10.9.5 update, which included fixes for more than 40 vulnerabilities. In particular, the patches address the CoreGraphics framework, Bluetooth, PHP, the Intel graphics driver, the Foundation framework, IOHIDFamily, IOAcceleratorFamily, the kernel, OpenSSL, QT Media Foundation, and Ruby.
Exploitation of the vulnerabilities could allow an attacker to execute arbitrary code on the target system, bypass address space layout randomization (ASLR), elevate privileges, crash an application, and so forth.
In addition to the security update for OS X Mavericks, Apple also released patches for OS X Server, the Safari web browser, Apple TV, and the Xcode development platform. In Safari, the company corrected several vulnerabilities in WebKit, one of which allows user data to be intercepted.
The vulnerabilities in Mac OS X Mavericks were reported by the following researchers: Andrea Micalizzi / rgod, s3tm3m, Fernando Munoz, Tom Gallagher, Paul Bates, Ian Beer of Google Project Zero, PanguTeam, George Gal of VSR, and Felipe Andres Manzano of Binamuse VRT. All of them received a reward for their efforts.
Microsoft reflexively releases patches for its products one Tuesday of every month to much fanfare. Apple does not, but on occasion, the Cupertino, Calif.-based company issues what SophosLabs in a Naked Security bulletin calls “Update Surprisedays.”
See more at: http://www.scmagazine.com/