Apple updates Lion, patches 51 bugs in Mac OS X

But some users report every app crashes after 10.7.3 is installed

Apple on Tuesday patched 51 vulnerabilities in Mac OS X, most of them critical, in 2012's first security update.

Both Mac OS X 10.7, aka Lion, and 10.6, better known as Snow Leopard, were updated with fixes. The two operating systems were last updated in mid-October 2011.

Some Lion users reported post-update catastrophes. In a quickly growing thread on the Apple support forum, users said that after updating, every application crashed when launched.

Among the patches were a pair that addressed a vulnerability in SSL (Secure Sockets Layer) 3.0 and TLS (Transport Layer Security) 1.0 that was demonstrated last September by researchers who crafted a hacking tool dubbed BEAST, for "Browser Exploit Against SSL/TLS."

Apple had previously patched the same bug in iOS, and other vendors, including Microsoft and Mozilla, had also beaten Apple to this patch punch.

The company was also late to the patching party with the revocation of trust in all certificates issued by Digicert, a Malaysian intermediate certificate authority (CA). Last year, researchers found that Digicert had issued 22 certificates with weak 512-bit keys and missing certificate extensions and revocation information.

Microsoft and Mozilla revoked trust in Digicert nearly three months ago.

Apple patched six vulnerabilities in QuickTime, the media player bundled with Mac OS X, that could be triggered with malicious image, audio or video files, said Apple in its advisory.

Of the 51 total flaws, 40 were tagged by Apple with its usual "arbitrary code execution" phrase, the company's way of saying that the bugs were critical and could be used by attackers to hijack a Mac with a working exploit.

One of the vulnerabilities could be exploited in a "drive-by" attack, which only requires duping users into browsing to a malicious site to be successful.

As usual, the security update quashed bugs in numerous modules of the operating system, including open-source elements that Apple integrates with its own code. Fixes affected the Apache, ColorSync, OpenGL, PHP and X11 components, among others.
