Feeds

Apple patches more than a dozen holes in OS X

Five uber updates in as many months

Secure remote control for conventional and virtual desktops

Apple has released an update that patches more than a dozen OS X vulnerabilities, several of which can lead to the remote execution of malicious code.

The most serious vulnerability resides in an OS X feature called mDNSResponder, which enables computers to locate and connect to devices such as printers and webcams on a local network. An attacker could use it to execute code by sending malicious packets to Macs connected to the same subnet, making the exploit ideal for use in internet cafes and offices.

Code exploiting the vulnerability has already been circulated by Immunity, a company that provides intelligence to security providers, according to Immunity's CTO, Dave Aitel.

"Remote roots like this don't come out every day," he said of the vulnerability.

Apple credited Michael Lynn of Juniper Networks for reporting the vulnerability. Lynn was the Cisco security researcher whose bosses threatened him with legal action in 2005 after publicly discussing vulnerability details in Cisco routers.

Yesterday's update was the fifth time in as many months that Apple has released to patch multiple security holes in its software. Apple has released other security patches this year, most recently to fix a high-profile vulnerability in QuickTime that allowed a hacker in a contest to publicly hijack a brand new MacBook Pro.

Among the other serious holes plugged in yesterday's update is flaw in OS X's CoreGraphics. That vulnerability could allow attackers to run code on a victim's machine by enticing users to open a maliciously crafted PDF file. ®

New hybrid storage solutions

More from The Register

next story
Apple iPhone 6: Missing sapphire glass screen FAIL explained
They just cannae do it in time, says analyst
Half a BILLION in the making: Bungie's Destiny reviewed
It feels very familiar - but it's still good
Apple's big bang: iPhone 6, ANOTHER iPhone 6 Plus and WATCH OUT
Let's >sigh< see what Cupertino has been up to for the past year
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Get your Indian Landfill Android One handsets - they're only SIXTY QUID
Cheap and deafening mobes for the subcontinental masses
Apple's SNEAKY plan: COPY ANDROID. Hello iPhone 6, Watch
Sizes, prices and all – but not for the wrist-o-puter
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.