ID: IRCNE2012091616
Date: 2012-09-15
According to “ESecurityPlanet”, Apple's security personnel quietly unloaded one of the biggest Apple software patch updates in the company's history.
Apple's iTunes 10.7 update for Windows provides patches for no less than 163 security vulnerabilities. All of the flaws are related to the open source WebKit rendering engine.
"The sheer number of bugs Apple fixed in this patch is almost overwhelming," said Andrew Storms, director of security operations for nCircle. "Apple is notorious for monster patches, but this one goes immediately to the top of the list."
Digging through the long list of WebKit flaws reveals that many of them have been known for some time. Apple's security advisory lists the flaws by their respective CVE (Common Vulnerabilities and Exposures) nomenclature, which identifies when the issue was first reported. As an example, the first bug listed in Apple's iTunes 10.7 patch update is CVE-2011-3016, a flaw that was first reported in 2011.
"Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a read-after-free issue," the CVE entry states.
- 2