Apple has released six patches for Mac OS X and Mac OS X Server, including one for a zero-day flaw that could allow a hacker to hijack a web-browsing session.
The zero-day vulnerability, which was made public in November 2009, lies in an authentication gap in TLS (Transport Layer Security) and SSL (Secure Sockets Layer) encryption protocols, Apple said in an advisory on Tuesday.
TLS and SSL protocols, commonly used by banks and online retailers to protect transactions, use a series of 'handshakes' to negotiate the session between the server and the client. As the protocols allow renegotiation of the session, an intruder can insert code undetected. The protocol-level breach could allow the attacker to take over a browser session and successfully impersonate the user, in what is known as a man-in-the-middle, or MITM, attack.
Another fix addresses an buffer-overflow issue in CoreAudio. If a user plays a malicious MP4 audio file, it could crash the application or allow an outsider to run code on the affected machine, according to the advisory.
The patch bundle, which is available via Apple's software updates or its download site, also includes a fix for an issue in component-level Cupsd that could be used to create a denial-of-service attack.
Welcome!
Me Eric, a software professional likes to share the tehnology learnt to the googlers
Labels
- anti-spyware programmes (1)
- anti-virus (1)
- Apple Security patches for Mac OS X (1)
- avaya (1)
- BlackBerry Applications (1)
- blackberry email (1)
- body scanner in airports (1)
- change drive letter and paths (1)
- computer tips and tricks (1)
- Cyber crime (1)
- cyber-criminals (1)
- Dash 3G (1)
- Domain Name extension (1)
- Drive Manager (1)
- email (1)
- emsil spam (1)
- facebook (1)
- Facebook users (1)
- Facebook's virus protection (1)
- Flights (1)
- Gmail (1)
- google nexus one (2)
- google nexus one phone complaints (1)
- google nexus phone (1)
- google phone (1)
- hacking (1)
- hard drive (1)
- htc mobile (1)
- IBM Lotus (1)
- Identity Management (1)
- Industry (1)
- Internet (5)
- Internet security (3)
- linkedin (1)
- LinkedIn IPO (1)
- Lotus Quickr (1)
- malicious software (1)
- malwarevirus protection (1)
- McAfee online backup service (1)
- medicine (2)
- Microsoft (1)
- mobile internet connections (1)
- nortel (1)
- online data backup (1)
- online server backup (1)
- Operating System (2)
- Oxford University (1)
- Oxford University ban on Spotify students (1)
- Oxford University Computing Services (1)
- Pen Drive (1)
- phishing and e-mail scams (1)
- Piracy detection software (1)
- Pirates of the Caribbean (1)
- printer (1)
- privacy advocates (1)
- Product Review (3)
- Products (1)
- Security (1)
- Software Reviews (8)
- Software Update (1)
- Sony X-Series laptop review (1)
- spam filter (1)
- Steroid (1)
- t mobile touch phone (1)
- T mobile touch pro2 (1)
- Technology (2)
- United kingdom (1)
- unlimited storage space (1)
- USB Drives (1)
- Virgin Media (1)
- weightloss (2)
- World’s Lightest Laptop (1)
- Yamaha YSP-4000 Digital Sound Projector Review (1)
Blog Archive
-
▼
2010
(21)
-
▼
January
(21)
- Improve Gmail Spam Filter Performance
- USB Drive Letter Manager
- Steriod Abuse | Teenagers | Drug Addiction
- unethical Weight Loss | Obesity Surgery
- Microsoft Internet Explorer IE8 Cyber Attack Secur...
- Avaya Nortel integration
- Body scanners in UK airports
- HP 3D printer market with Stratasys deal
- Apple Security patches for Mac OS X
- Identity Management
- Yamaha YSP-4000 Digital Sound Projector Review
- LinkedIn IPO
- T-Mobile Touch pro2
- Google Nexus Problems and Complaints
- Virgin Media unveils Piracy detection software
- BlackBerry Applications for Lotus Quickr, Connections
- McAfee online backup service
- Sony X-Series laptop review
- Oxford University ban on Spotify students
- Domain Name extension and Cyber crime
- Facebook's virus protection
-
▼
January
(21)