U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Apple Releases Security Updates

Original release date: April 15, 2011 | Last revised: October 23, 2012

Apple has released the following security updates:

Security Update 2011-002 addresses a vulnerability in the Certificate Trust Policy for Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.7, Mac OS X Sever v10.6.7. Exploitation of this vulnerability may allow an attacker to intercept user credentials, or obtain sensitive information.

Safari 5.0.5 addresses two vulnerabilities affecting the WebKit package. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

iOS 4.2.7 Software Update for iPhone addresses multiple vulnerabilities affecting the Certificate Trust Policy, QuickLook, and WebKit Packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, intercept user credentials, or obtain sensitive information.

iOS 4.3.2 Software Update addresses multiple vulnerabilities affecting the Certificate Trust Policy, libxslt, QuickLook, and WebKit. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, intercept user credentials, or obtain sensitive information, or bypass security restrictions.

US-CERT encourages users and administrators to review Apple articles HT4608, HT4596, HT4607, and HT4606 and apply any necessary updates to help mitigate the risks.

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top