Recently, Apple released Mac OS X 10.6.8. The latest update brings improvements to the Mac App to facilitate upgrade to the next version Mac OS X Lion. The update enhances VPN reliability, provides better support for IPv6, rectifies time zone data in iCal for Lisbon, improves detection of MacDefender malware and mitigates issue, which causes unexpected exit of preview. The update facilitates use of Kerberos authentication to proxy server, rectifies a document saving issue related to XCode or TextEdit on use of NFS home directory, introduces support for additional digital cameras, and resolves issue related to importing certain forms of media files into Final Cut Pro.

The vendor has also addressed multiple security vulnerabilities associated with various components. The addressed security flaws include an out of bounds memory read issue related to AirPort while handling Wi-Fi frames. The issue may allow an attacker on the same network to cause system reset, when connected to Wi-Fi. The security update mitigates an error handling issue in Certificate Trust Policy that causes acceptance of revoked certificate by specifying OCSP URL in most of Extended Validation (EV) certificates. The vendor has resolved a heap buffer flow issue in the way Image IO handles JPEG2000 images, which may cause application termination or execution of arbitrary code on visit to a malicious website. The security update mitigates an issue in MobileMe, wherein the Mail makes requests through HTTP for identifying a users e-mail aliases by introducing SSL. The issue may allow attackers with privileged network position to read e-mail aliases.

Apple has updated MySQL to 5.0.92 and mitigated several security flaws, the critical of which could result in arbitrary code execution. Open SSL has also been updated to mitigate several vulnerabilities, the serious of which could cause execution of arbitrary code. The security update resolves a memory corruption issue in the way QuickLook handles Microsoft Office files, which could lead to unexpected application termination or execution of arbitrary code on downloading a malicious Word file. An integer overflow issue in the way QuickTime handles RIFF WAV files that could cause execution of arbitrary code or termination of application on viewing a malicious WAV file. The vendor removed XML-RPC interface to resolve an XML external entity issue in the way servermgrd manages XML-RPC requests. The latest security updates resolves integer overflow in the way CoreGraphics handles Type 1 fonts, which could cause application termination or arbitrary code execution on opening a malicious PDF file.

The issues were identified and reported by both in-house experts as well as professionals associated with other vendors and security firms. Cyber-attackers attempt to leverage the time lag between the issuance of an update and actual implementation by the users. Internet users must immediately update to the latest version and avoid exploitation of security flaws by attackers. Professionals qualified in masters of security science and IT security certifications may help businesses in identifying and implementing necessary security updates.

Cyber security awareness is crucial to improve resistance to emerging threats. Advertisements, e-tutorials, encouraging online degree courses on cyber security may help in improving awareness on security topics. Distance learning and online university degree courses may help working IT professionals to enhance their expertise to effectively deal with emerging security threats.