Mac OS X 10.6.7 update that went live yesterday hasn’t brought out any new user-centric features. However, besides fixing display flickering and lock ups on 2011 MacBook Pros, the software update did a good job of bug squashing, fixing a ton of vulnerabilities security experts discovered in Mac OS X Snow Leopard and Leopard. More than 56 vulnerabilities were patched, according to a Computeworld article.
These include a vulnerability that security expert and four times Pwn2Own winner Charlie Miller “didn’t get a chance to use at the hacking contest earlier this month.”
Apple’s security advisory accompanying the Mac OS X update says 45 of the 56 vulnerabilities allowed “arbitrary code execution.”
The phrase denotes a critical flaw that lets hackers take control of the machine upon visiting a malicious website.
The publication explains:
Several in that class resided in Apple Type Services (ATS), the operating system’s font renderer, and could be exploited using malicious documents embedded with specially-crafted fonts. Of those four vulnerabilities, two were reported by researchers from Apple’s rival Google. Other drive-by attacks could be launched using malformed files exploiting six vulnerabilities in Mac OS X’s ImageIO component, another five in QuickTime and two in QuickLook, the operating system’s document preview tool.
As we recently reported, the Safari browser was hacked within minutes at the HP TippingPoint-sponsored hacking challenge at the CanSecWest security conference in Vancouver, British Columbia.