Apple ships security fixes for iOS, OS X, Safari ... basically EVERYTHING

Here comes the next big slew of WebKit bug fixes


Apple on Monday shipped new versions of its operating systems, its web browser, and Apple TV firmware – with each update a minor release aimed at fixing bugs and closing security vulnerabilities.

The latest release of OS X Mavericks, version 10.9.4, addresses a total of 19 vulnerabilities in a variety of OS subsystems, ranging from graphics and Thunderbolt drivers to the Dock.

It also claims to speed up waking from sleep, and to fix one issue where Macs wouldn't connect to known Wi-Fi networks, and another where the Apple logo didn't appear onscreen properly during boot-up.

The update also brings the Safari web browser to version 7.0.5, which is also available as a standalone update – as is an update to Safari 6.1.5.

Each of those update packs fixes a dozen vulnerabilities in the WebKit rendering engine, including multiple memory-corruption issues that could potentially allow a malicious website to crash the browser or execute arbitrary code. Many of these had already been fixed in the upstream WebKit source tree, but had yet to make their way into Safari.

The last Safari update, version 7.0.4, shipped a month ago and fixed 22 WebKit vulnerabilities.

Over on the shiny side of things, iOS 7.1.2 fixes a whole host of vulnerabilities, including a whopping 30 issues in the mobile version of WebKit. Mail, Safari, Siri, and the OS kernel also get the patch treatment, among other packages.

Finally, Cupertino has also been beavering away plugging holes in its Apple TV platform. Apple TV 6.2, which can run on the second-generation Apple TVs or later, includes fixes for 35 issues, many of them being the same WebKit bugs that are addressed by the Safari and iOS updates.

All of the aforementioned fixes are available via Apple's usual upgrade channels. ®


Other stories you might like

  • GPL legal battle: Vizio told by judge it will have to answer breach-of-contract claims
    Fine-print crucially deemed contractual agreement as well as copyright license in smartTV source-code case

    The Software Freedom Conservancy (SFC) has won a significant legal victory in its ongoing effort to force Vizio to publish the source code of its SmartCast TV software, which is said to contain GPLv2 and LGPLv2.1 copyleft-licensed components.

    SFC sued Vizio, claiming it was in breach of contract by failing to obey the terms of the GPLv2 and LGPLv2.1 licenses that require source code to be made public when certain conditions are met, and sought declaratory relief on behalf of Vizio TV owners. SFC wanted its breach-of-contract arguments to be heard by the Orange County Superior Court in California, though Vizio kicked the matter up to the district court level in central California where it hoped to avoid the contract issue and defend its corner using just federal copyright law.

    On Friday, Federal District Judge Josephine Staton sided with SFC and granted its motion to send its lawsuit back to superior court. To do so, Judge Staton had to decide whether or not the federal Copyright Act preempted the SFC's breach-of-contract allegations; in the end, she decided it didn't.

    Continue reading
  • US brings first-of-its-kind criminal charges of Bitcoin-based sanctions-busting
    Citizen allegedly moved $10m-plus in BTC into banned nation

    US prosecutors have accused an American citizen of illegally funneling more than $10 million in Bitcoin into an economically sanctioned country.

    It's said the resulting criminal charges of sanctions busting through the use of cryptocurrency are the first of their kind to be brought in the US.

    Under the United States' International Emergency Economic Powers Act (IEEA), it is illegal for a citizen or institution within the US to transfer funds, directly or indirectly, to a sanctioned country, such as Iran, Cuba, North Korea, or Russia. If there is evidence the IEEA was willfully violated, a criminal case should follow. If an individual or financial exchange was unwittingly involved in evading sanctions, they may be subject to civil action. 

    Continue reading
  • Meta hires network chip guru from Intel: What does this mean for future silicon?
    Why be a customer when you can develop your own custom semiconductors

    Analysis Here's something that should raise eyebrows in the datacenter world: Facebook parent company Meta has hired a veteran networking chip engineer from Intel to lead silicon design efforts in the internet giant's infrastructure hardware engineering group.

    Jon Dama started as director of silicon in May for Meta's infrastructure hardware group, a role that has him "responsible for several design teams innovating the datacenter for scale," according to his LinkedIn profile. In a blurb, Dama indicated that a team is already in place at Meta, and he hopes to "scale the next several doublings of data processing" with them.

    Though we couldn't confirm it, we think it's likely that Dama is reporting to Alexis Bjorlin, Meta's vice president of infrastructure hardware who previously worked with Dama when she was general manager of Intel's Connectivity group before serving a two-year stint at Broadcom.

    Continue reading

Biting the hand that feeds IT © 1998–2022