Apple updates Lion, patches 51 bugs in Mac OS X
But some users report every app crashes after 10.7.3 is installed
Computerworld - Apple on Tuesday patched 51 vulnerabilities in Mac OS X, most of them critical, in 2012's first security update.
Both Mac OS X 10.7, aka Lion, and 10.6, better known as Snow Leopard, were updated with fixes. The two operating systems were last updated in mid-October 2011.
Some Lion users reported post-update catastrophes. In a quickly-growing thread on the Apple support forum, users said that after updating, every application crashed when launched.
Among the patches were a pair that addressed a vulnerability in SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 that was demonstrated last September by researchers who crafted a hacking tool dubbed BEAST, for "Browser Exploit Against SSL/TLS."
Apple had previously patched the same bug in iOS and other vendors, including Microsoft and Mozilla, had also beat Apple to this patch punch.
The company was also late to the patching party with the revocation of trust in all certificates issued by Digicert, a Malaysian intermediate certificate authority (CA). Last year, researchers found that Digicert had issued 22 certificates with weak 512-bit keys and missing certificate extensions and revocation information.
Microsoft and Mozilla revoked trust in Digicert nearly three months ago.
Apple patched six vulnerabilities in QuickTime, the media player bundled with Mac OS X, that could be triggered with malicious image, audio or video files, said Apple in its advisory.
Of the 51 total flaws, 40 were tagged by Apple with its usual "arbitrary code execution" phrase, the company's way of saying that the bugs were critical and could be used by attackers to hijack a Mac with a working exploit.
One of the vulnerabilities could be exploited in a "drive-by" attack, which only requires duping users into browsing to a malicious site to be successful.
As usual, the security update quashed bugs in numerous modules of the operating system, including open-source elements that Apple integrates with its own code. Fixes affected the Apache, ColorSync, OpenGL, PHP and X11 components, among others.
- Hands on: Apple's Mac Pro is the fastest Mac ever
- Apple CFO to retire in September after he cashes in $53M stock award
- Apple's CarPlay to spark mobile apps war in your car
- Apple retires Snow Leopard from support, leaves 1 in 5 Macs vulnerable to attacks
- Apple patches critical 'gotofail' bug with Mavericks update
- Why Apple needs a $700 MacBook Air
- Apple takes top spot in brand value computation
- Apple gets a patent for health-monitoring ear buds
- Apple shifts to hardware-first TV strategy with revamped set-top box
- iTunes is almost as big a biz as OEM Windows
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Mac OS X White Papers | Webcasts