While yesterday saw Apple refresh its iPad lineup and unveil its new operating system, Mavericks, it also saw the Cupertino conglomerate release a boatload of security updates.
More than 100 issues were fixed across eight different products yesterday including updates for the company’s iTunes media player, its Safari browser and the most recent iteration of its mobile operating system, iOS 7.
Mavericks OS itself, Keynote 6.0, two versions of Apple’s Remote Desktop (3.7, 3.5.4) and OS X Server 3.0 also saw updates yesterday.
iOS 7.0.3 fixes three bugs in the iPhone’s beleaguered passcode feature. Two of the bugs were discovered by Israeli security researcher Dany Lisiansky: One that could’ve allowed anyone to bypass the lockscreen and make a call with it and another that could have allowed anyone to call arbitrary contacts on a phone by getting access to the Contacts pane via the lock screen. The third fix addressed a problem that kept the passcode entry visible when it shouldn’t have been, like after a user makes too many incorrect passcode attempts. All three bugs were fixed in 7.0.3, iOS 7’s third update since its initial release this time last month. Apple has had a hard time keeping up with the insecurity of its lockscreen – 7.0.2 fixed two issues with the feature last month as well.
Twenty-four vulnerabilities are fixed in the latest build of iTunes for Windows, iTunes 11.1.2. The bugs are mostly the result of when users view malicious movie files or navigate to malicious web pages on the popular media player. One vulnerability discovered by Google’s Chrome Security Team exploits memory corruption bugs with WebKit and could have left users open to a man-in-the-middle- attack while browsing the iTunes Store.
The latest OS goes ahead and fixes a slew of problems as well.
Mavericks fixes 53 OS-specific problems in total, including one with the App Sandbox that allowed it to be bypassed and issues with CoreGraphics that could’ve let an unprivileged app log keystrokes. The OS also fixes a number of errors in Kernel, Ruby, Python and Perl.
While Safari 7.0 is included in the Mavericks update, users on Mountain Lion who either can’t download Mavericks or want to put it off may still want to update their Safari to 6.1. The update fixes 21 issues with the browser, most of them WebKit-related issues that could lead to cross-site scripting attacks and unexpected application termination. The update includes a handful of other Safari features, including a “power saver,” third-party data blocking and one-click bookmarking as well.
Other minor fixes, such as a bug in Apple’s presentation software Keynote that could have let someone unlock a computer after its been put to sleep and previously addressed Ruby on Rails issues in OS X Server are also included in yesterday’s patches.
Mavericks, Apple’s 10th stable OS release, made headlines yesterday for coming as a free download in Apple’s Mac App Store. Operating systems previously released by Apple like Mountain Lion in 2012 and Lion in 2011 cost $20 and $30, respectively.
Mavericks also boasts better incorporated notifications, introduces color-coded folder labels, new apps like iBooks and Maps and allegedly boosts the battery life of MacBooks.
