Apple iStuff saved by Beer

Apple has crushed a tonne of bugs across its products including 53 a piece in iOS 8 and OS X Mavericks, the majority reported by Google researcher Ian Beer.

Cupertino shut down iOS code execution bugs with root or kernel privileges some of which could be executed through a web browser, and closed off the ability for rogue access points to yank credentials by removing the LEAP protocol.

Other iOS bugs could bypass Address Space Layer Randomisation and leak information on user identities.

Apple issued another 53 fixes for OS X Mavericks, Safari, OS X Server, Apple TV and Xcode, along with some usability improvements.

Marvericks 10.9.5 fixed issues concerning Bluetooth, a arbitrary code execution bug in the Intel graphics driver, and OpenSSL for iThings, along with flaws that were also patched in iOS.

Apple also issued fixes for Safari version 7.0.6, boosts reliability of VPN connections which use USB authentication smart cards and the accessing of SMB servers and fixes admin issues with group membership in large network groups for enterprise customers.

Google Project Zero bug vanquisher Ian Beer was credited with the lion’s share of bug reports as part of his work in securing the broader internet.

It comes as Cupertino borked the super-hyped Healthkit API in iOS 8 with a fix planned by month’s end. The fitness nag was pulled along with apps that relied on it due to a bug. ®

Reducing the cost and complexity of web vulnerability management

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2014/09/19/apple_crushes_bugs_in_ithings_os_x/

Comments are closed.