Apple has pushed out new versions of its OS X Lion and iOS operating systems, and in the process fixed nearly 175 vulnerabilities that could potentially allow an attacker to seriously compromise users' computers and mobile devices.
In updating its mobile operating system to iOS 5, Apple most importantly removed the DigiNotar root certificate from the operating system's list of trusted certificates.
The compromised authentication certificates, which were stolen in early September from the Dutch company DigiNotar, sent a ripple through the security world, as an attacker with access to the stolen certificates could easily evade detection, effectively presenting himself as a trustworthy website.
The new operating system for iPhones, iPods and iPads also takes on BEAST, a hack that could allow an attacker to exploit the system's Transport Layer Security (TLS), common protocol used to keep data secure as it moves between the user and the server.
Apple's updated iOS 5 includes support for the new version of the protocol, TLS 1.2. (Apple has not specified which version of TLS the Mac and PC versions of Safari support.)
Along with tackling the DigiNotar and BEAST problems, Apple's update mobile operating system addressed several other important vulnerabilities that left features such as Safari, Wi-Fi, Calendar, Numbers, Pages, CoreFoundation, CoreGraphics and ImageIO open to exploitation.
Apple updated its desktop and laptop operating system as well, moving to OS X Lion 10.7.2. The Lion update to the OS "weighs in at a whopping 880 MB," Chester Wisniewski from the security firm Sophos wrote, and addresses flaws in the operating system's application firewall and the way it stores and handles Web cookies.
The updated Lion OS X includes several updates to QuickTime, Safari and other programs that could be rigged by an attacker to remotely execute code or gain elevated privileges on an infected system. The updated software is available at Apple's website; iPad, iPhone and iPod Touch owners need to plug their device into a Mac or PC to initiate their own upgrades.
The installation file size for iOS 5 is no lightweight either — depending on the devices and configurations, it's between 700 and 770 MB.
Apple's update servers were overloaded for a period of time Wednesday due to the overwhelming demand from millions of Macs and iDevices.