Apple has released an update that covers the vulnerability in the operating systems

Apple has released a security update - 2013-001. It is intended to close 21 vulnerabilities and solve the problem of the intermediate copy of the certificate issued by mistake TURKTRUST. Pack 2013-001 closes vulnerabilities in operating systems: Mac OS X 10.6.8, OS X Lion 10.7-10.7.5, OS X Mountain Lion 10.8-10.8.2, Mac OS X Server 10.6.8 and OS X Lion Server 10.7 -10.7.5.

Among the closed holes: two vulnerabilities Wiki Server, allowing remote code execution. A vulnerability in the Profile Manager, one in the Podcast Producer server and one in PDFKit.

Were closed vulnerabilities that allow attackers, under certain conditions, arbitrary code execution by exploiting a vulnerability in the ImageIO, with a malicious TIFF file or a memory corruption problem in IOAcceleratorFamily.


Other vulnerabilities addressed by updating 2013-001: canonicalization in Apache, cross-site scripting (XSS-vulnerability) in International Components for Unicode (ICU) and a hole in the kernel, which is a source of information leakage.

According to reports, for the information about the vulnerabilities, Apple has issued a number of third-party compensation experts, in particular, Clint Ruoho of Laconic Security, Masato Kinugawa, Mark Dowd of Azimuth Security, Eric Monti from Square, Aaron Sigel with vtty.com, Tobias Klein, Kevin Szkudlapski of QuarksLab and Emilio Escobar.