fofotechtips

Apple has released Mac OS X 10.7.3. The operating system update includes patches for more than 30 leaks. The embedded Web server receives an update, but the big DoS hole open buy electronics.

The major update to the Mac operating system contains thirty patches for more than thirty security holes. Depending on the current version of the user, the update between 700 MB and almost 1.5 GB. Among the built-in Apache server and PHP get an update, but in december hole discovered Denial of Service (DoS) in PHP remains open after this update.

Late December is the existence of the deep flaw in PHP include to come out. The leak is in almost all web servers . Criminals can easily cripple a web server by a specially crafted packet to send back.

DoS hole remains open

A special feature of this vulnerability is that a Web server can be shut down without the laptop screen accumulated capacity of a botnet is needed. A package of only 100 kilobytes is sufficient for a processor core of a web server off. If there are multiple of that are packages are sent, it is possible to a multicore-system, flat to explain. A standard PC with a typical broadband connection is sufficient for this DoS shot firing.

The leak was sealed in PHP version 5.3.9, but Apple sends in the OS X version 5.3.8 update now with it. Those outdated version of the popular scripting language in August last year released, and thus do not provide protection against DoS hole. That has come in PHP 5.3.9 on 10 January this year has been released Acer laptop screen.

Administrators can nevertheless adjust the settings of PHP to the problem to overcome. PHP recommends that users set the parameter max_input_vars' adjust. That should be for users on older PHP versions offer sufficient protection against the vulnerability.

More than thirty patches

Now appeared in the update package for Mac OS X are 30 patches multiple vulnerabilities, some problems. A number of security holes that can crash an application and executing code on an Compaq screen affected system possible.

Among the holes are a number of problems with the Apache Web server. According to the support article from Apple is another denial of service vulnerability in the embedded Web server poem. Another Apache SSL flaw makes it possible to intercept and decrypt data.

Quicktime allowing six plasters

The majority of of the described leaks deliver at exploitation is an crash-using app all immediately, in which than by means of a buffer overflow code can be executed on the affected Mac. This also applies to Apple's own QuickTime player, who gets six patches a substantial renovation. Playing some MP4 files, PNG and JPEG2000 images can cause a buffer overflow.

Almost all described also cover updates on Mac OS X 10.6.8 (Snow Leopard). In addition to these security patches does the update package from Apple, the addition of a number of languages ??to Safari. The updates are offered to all users Lenovo screen via the automatic update tool that is built into the operating system, but the updates directly from Apple downloads.