Apple patches a hundred vulnerabilities in its systems

Manzana launched on wednesday updates with which it has solved more than 100 vulnerabilities detected in eight of its products, including new versions for its iTunes multimedia player, its Safari browser, and the most recent version of its mobile operating system, iOS 7. Along with them, the new Mavericks operating system, Keynote 6.0, Remote Desktop versions 3.7 and 3.5.4, and OS X Server 3.0 also received updates.

On the one hand, the update iOS 7.0.3 fixes three bugs in iPhone’s password feature: one that could have allowed anyone to bypass the lock screen and make a call with it; another that could have allowed calling arbitrary contacts on a phone or accessing the contact panel through the lock screen; and the last one that keeps the code visible when it shouldn’t be, just like when a user makes too many incorrect password attempts. All three bugs have been fixed with version IOS 7 7.0.3, the third since its launch last month.

On the other hand, 24 vulnerabilities have been resolved in the most recent version of iTunes for Windows, iTunes 11.1.2, mostly the result of when users view malicious movie files or browse malicious web pages via media player. A vulnerability discovered by Google’s Chrome security team exploits memory corruption bugs with WebKit, and could have left users exposed to a man-in-the-middle attack when browsing the iTunes store.

The latest operating system also fixes 53 specific issues, including one with the App Sandbox allowing it to be overridden and issues with CoreGraphics that could have left me a log of unprivileged app keystrokes. Mavericks also fixes a number of bugs in the kernel, Ruby, Python, and Perl.

Although 7.0 is included in the update of Mavericks, Mountain Lion users who either cannot download Mavericks or want to delay it, can still update their Safari 6.1. The update fixes 21 browser issues, most of them related to WebKit glitches that could lead to cross-site scripting attacks and unexpected termination of the application. The update includes other Safari features, such as “power saving” and third-party data blocking.

Related news:

After the attack, Apple recovers its developer site