Apple patches a massive 60+ vulnerabilities on Safari and iOS for Mac, Win, iPhone and iPod devices

Although the Jobsian computer giant isn't confirming, most observers say that Wednesday's major updates were in preparation for the CanSecWest event in Vancouver, which opened yesterday and will see the Pwn2Own cracker security contest as its centrepiece.

As reported previously by Infosecurity, the Pwn2Own competition has taken place each year at the CanSecWest event since 2007, with contestants challenged to exploit specific software - especially web browsers and other web-related software - and computer/smartphone systems. Winners receive the device/computer that was successfully exploited and a cash prize.

For each successful exploit, the contest's sponsor, TippingPoint, provides a report to the applicable vendor, detailing the vulnerability and how it was exploited. The details are not released to the public until the vendor has corrected the vulnerability.

This year's competition will test the four main browsers - Chrome, Firefox, Internet Explorer and Safari as well as smartphones running Apple iOS, Google Android, Microsoft Windows 7 Mobile and RIM/BlackBerry OS.

Infosecurity notes that Apple is not alone in releasing a swathe of updates ahead of CenSecWest, as Google and the Mozilla foundation have also gone down the out-of-schedule update path.

The ZDNet newswire reports that Safari 5.0.4 patches a total of 62 documented vulnerabilities, most serious enough to allow code execution attacks if a user simply surfs to a booby-trapped website.

The majority of the vulnerabilities, says the newswire, are coded in WebKit, the open-source browser rendering engine, with the Safari update also fixing "multiple gaping holes in ImageIO and libxml."

Separately, says ZDNet, Apple released iOS 4.3 to fix a wide range of serious security issues.

"The most serious of the iOS flaws could be used to take control of Apple' iPhone devices with maliciously crafted fonts, images or web sites," the newswire notes.

What’s Hot on Infosecurity Magazine?