

Modest-sounding holes like this can often help crooks orchestrate a more serious attack. But there are many other forms of bypass, such as letting users get at or change files they shouldn’t even be able to see. All the above bugs bypass security, of course. Here, a crook who has already broken in as a regular user can grant himself more power, often all the way up to root (Administrator). That’s where an outsider can find out which programs are loaded where in memory, thus neutralising the protection of ASLR (address space layout randomisation) and giving crooks a clearer target to aim at when they attack.

That’s where externally-supplied content, like a web page, could trick your Mac or iDevice into running malware without even an “Are you sure?” pop-up.

Rather than try to deal with OS X and iOS by “summarising in detail,” patch by patch, we’ll just say that there are lots of security holes fixed, including at least:

To update QuickTime on Windows, run the Apple Software Update program from the Start menu. QuickTime’s Windows-specific update seems a little more current, with 9 CVE-numbered bugs, all apparently fairly recently reported. Good because the fixes are out at last; bad because there are 39 CVE-numbered bugs on the list, including remote code execution holes, with 15 of them dating back to 2014. That’s both good and bad news for Windows users. To see if your Mac is up to date, go to Apple Menu | App Store | Updates. Although Mac users will see an iTunes update in their mix, it looks as though the security-related fixes apply only to Windows.
