123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Computers >> View Article

Apple Mitigates Multiple Security Vulnerabilities

Profile Picture
By Author: eccuni
Total Articles: 211
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

Recently, Apple released four security updates to address multiple vulnerabilities in various products. One of the security updates by the company blacklists fraudulent SSL certificates issued by a registration authority affiliated to Comodo. The fraudulent certificates may lead to man-in-the-middle attack allowing an attacker to intercept sensitive information such as user credentials. The update is applicable to Mac OS X v10.5.8 and v10.6.7, and Mac OSX Server v10.5.8 and v10.6.7. The security update for Safari addresses security flaws in WebKit. The update mitigates integer overflow issue in the handling of nodesets and use after free issue in the handling of text nodes. Exploitation of these security flaws could cause execution of arbitrary code or lead to application termination, if a user visits a maliciously crafted website.

The developer has issued software update for iPhone. The update blacklists fraudulent certificates issued by a Comodo registration authority, which could have allowed interception of sensitive information. The software update mitigates integer overflow issue and use-after issue in WebKit. ...
... The update also fixes a memory corruption issue in QuickLook's handling of Microsoft Office files. Viewing a malicious crafted office file could lead to unexpected termination of an application or cause arbitrary code execution. The software update is applicable to iOS 4.2.5 to 4.2.6 for iPhone 4.

Apple has also issued software update for iOS 4.3.2. The update blacklists fraudulent certificates, and addresses memory corruption issue in QuickLook, integer overflow issue and use-after free issue in WebKit, and a flaw associated with libxslt. The implementation of generate-id() XPath function by libxslt discloses the addresses on the heap buffer on visiting a maliciously crafted website. The vulnerability helps the attackers in circumventing address space layout randomization protection. The software update resolves the issue by creating an ID based on the difference between addresses of two heap buffers. The software update is available for iOS 3.0 to 4.3.1 for iPhone 3GS and later versions, iOS 3.1 to 4.3.1 for iPod touch third generation and later versions and iOS 3.2 to 4.3.1 for iPad.

Usually, security professionals qualified in IT degree programs and security certifications such as penetration testing identify and mitigate weaknesses. In this case, the vulnerabilities were identified by security researchers affiliated to various organizations such as Vupen Security, Tipping Point and Google Chrome security team among others.

Users must adhere to the security updates to prevent exploitation of vulnerabilities by attackers. Online IT courses and tutorials may help users in understanding and preventing security threats. Adherence to security advisories, recommendations by researchers on security blogs and security guidelines could help users to safeguard devices from sophisticated attacks and avoid disclosure of sensitive information.

Developers face constant challenge of manufacturing products, which not only add to the convenience of the end-user, but also ensure security from sophisticated threats. Information security is crucial for retaining the trust of end-users and ensuring popularity of products. E-learning and online IT degree programs may help software professionals to improve their expertise, and deliver products with better security features and mechanisms.

Total Views: 406Word Count: 501See All articles From Author

Add Comment

Computers Articles

1. 00al556 Ibm 550-watts Platinum Power Supply For X3650 M4: Reliable And Energy-efficient Power For Enterprise Servers
Author: Server Tech Central

2. Iot Identity And Access Management (iam) Market : Driving Secure Innovation In Connected Ecosystems
Author: Umangp

3. Why Should You Plan Blinkit Onboarding Before Market Expansion And How Can Zane Marketing Help You Grow Faster
Author: Zane Marketing

4. Customer Identity And Access Management (ciam) Market : Strengthening Security And Customer Trust
Author: Umangp

5. How To Start Your Website Redesign Project?
Author: brainbell10

6. Sap Compliance In Manufacturing: Closing The Gaps Grc Leaves Behind
Author: Mansoor Alam

7. Speech Analytics Market : Unlocking Actionable Insights From Customer Conversations
Author: Umangp

8. Data Preparation Tools Market: How Ai And Cloud-based Solutions Are Transforming Modern Data Workflows
Author: Umangp

9. How To Setup And Create Instagram Ads?
Author: brainbell10

10. Why Digital Business Cards Are The Future Of Professional Networking
Author: WhyTap

11. End To End Sataware Product Development Is The Process Of Identifying Market Opportunities To Hire Flutter Developer, Connecting User Needs And Requir
Author: brainbell10

12. Dynamics Nav To Business Central Upgrade Guide
Author: brainbell10

13. Data Governance Framework: Building Trust In The Digital Age
Author: Umangp

14. A Complete Guide To Dynamics 365 Warehouse Management
Author: brainbell10

15. Conversational Ai In Intelligent Contact Centers: Market Outlook And Future Growth To 2028
Author: Umangp

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: