Tuesday, March 30, 2010


MacOSX Gets Massive Security Update

This is kind of weird, but good for users at the same time: Apple has just launched an update for Mac OS X that patches 92 vulnerabilities. It has also broken the previous record for a Mac OS X update, set last year, when Apple's largest update patched 67 vulnerabilities.




The update brings Snow Leopard to version 10.6.3, making this the third major update to the OS that Apple launched in August 2009. Apple also addressed a list of nearly 30 non-security issues in the 10.6.3 update. Leopard users, meanwhile, received only the security patches.


As a matter of fact, most of the patches were for the QuickTime player for the Leopard OS. This was expected, as we already know of many MP4 zero-day exploits and the like, and the exploits shown at the Pwn2Own conference were a big reason for this outcome.


"The sheer number, it's almost so daunting that you don't even want to look," said Andrew Storms, director of security operations at nCircle Network Security.


Today, on the 30th, Apple came out with an update of 42 security fixes, which is about 40% of the total number of security fixes Apple is working on. The other thing that is kind of in Apple's favour is that they don't rate or score their patches like some of the other giants, such as Microsoft and Oracle.


RSnake’s Magic


The other news we have for you is that RSnake and his friends have done some research on this and found an exploitable issue in the Safari browser: a port number float/integer overflow, which can cause a lot of damage.



“Safari has a typical integer overflow in the way they look at ports. So if you add the number 65,536 to the port you want to connect to (in this case 25 + 65,536 = 65,561) you can bypass their port blocking.”


And the best thing to note here is that Apple beat with the blacklist of ports or even whitelist of ports, as it can be used in mass exploitation by hackers. Well, let's see what's next.
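The port wraparound RSnake describes can be shown in a few lines of C. This is an added example, not Safari's code: the blocklist contents and all function names are hypothetical. The flawed check compares the blocklist against the untruncated number from the URL, while the socket layer only keeps the low 16 bits; the hardened check rejects out-of-range values and tests the port that will actually be used.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample blocklist (hypothetical, not Safari's real list). */
static const uint16_t BLOCKED_PORTS[] = { 21, 22, 23, 25, 110, 143 };

static bool is_blocked(long port)
{
    for (size_t i = 0; i < sizeof BLOCKED_PORTS / sizeof BLOCKED_PORTS[0]; i++)
        if (port == (long)BLOCKED_PORTS[i])
            return true;
    return false;
}

/* The port the socket layer ends up with: TCP ports are 16 bits wide,
 * so a larger value is reduced modulo 65536 when it is stored. */
static uint16_t wire_port(long url_port)
{
    return (uint16_t)url_port;
}

/* Flawed: the blocklist sees 65561, the socket later sees 25. */
bool allow_connect_flawed(long url_port)
{
    return !is_blocked(url_port);
}

/* Hardened: refuse anything outside 1..65535, then check the exact
 * 16-bit value that will be handed to connect(). */
bool allow_connect_hardened(long url_port)
{
    if (url_port < 1 || url_port > 65535)
        return false;
    return !is_blocked((long)wire_port(url_port));
}

int main(void)
{
    long p = 25 + 65536; /* the value from the quote above */
    printf("url port %ld -> wire port %u\n", p, (unsigned)wire_port(p));
    printf("flawed check allows:   %d\n", allow_connect_flawed(p));
    printf("hardened check allows: %d\n", allow_connect_hardened(p));
    return 0;
}
```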


Charlie Miller, the researcher who cracked Snow Leopard's security defenses to take down Safari, said today that Apple had not patched the vulnerability he used last Wednesday.


"New patch doesn't fix pwn2own bug," Miller said via Twitter.

"Sorry suckers, gonna have to wait for the next patch."
