Tuesday, 3 May 2016

On 02:09 by admin   No comments
Apple released a patch Tuesday that fixes more than a dozen bugs, including a critical remote code-execution flaw in Apple Type Services. The patch release also includes a fix for a flaw in CFNetwork that enabled an attacker to intercept user credentials and other sensitive data silently on a network.

The Apple patch release plugs a total of 13 holes in a variety of OS X components and add-ons, including ClamAV, PHP and Samba. The most serious bug that Apple fixed with this release is the buffer overflow in Apple Type Services which enables an attacker to run arbitrary code on a remote machine.

This issue is addressed through improved bounds checking,” Apple said in its security bulletin.

The OS X update also fixes a vulnerability in Apple’s CFNetwork framework which resulted from the framework’s support for anonymous SSL/TLS connections.


Post a comment