Apple had been getting some bad press in the last week or so for not issuing the patch when most other vendors did so over 3 weeks ago.
Many of the other vulnerabilities patched in this update are rather serious on their own. CarbonCore has a stack-based buffer overflow in the processing of long file names. CoreGraphics has two flaws that could lead to code execution. A bounds-checking error in OpenSSL from last September could allow remote code execution; Red Hat patched it in about 2 weeks. Five different vulnerabilities in PHP are patched all at once.