Apple Issues Giant Patch Release; Fixes iPhone At Eleventh Hour

Apple was racing the clock when it released patches for iPhone bugs that researchers are planning to discuss at the BlackHat conference on Thursday.

Sharon Gaudin, Contributor

August 1, 2007


Winning a race against the clock, Apple released several patches for bugs that could let hackers take control of its red-hot iPhone -- less than two days before researchers were slated to present information about the vulnerabilities at this week's BlackHat conference.

The fixes came as part of a giant patch release that Apple issued late Tuesday to take care of about 50 vulnerabilities that stretch across the iPhone, Mac OS X, Windows Vista, and the Safari browser.

One advisory focuses on vulnerabilities in Safari in Mac OS X, along with Microsoft's Windows XP and Windows Vista. A stack buffer overflow vulnerability exists in Safari's bookmark handling that could lead to an unexpected application termination or arbitrary code execution in Windows XP or Windows Vista, according to the advisory. Apple also noted a heap buffer overflow in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. That flaw, which could cause arbitrary code execution, affects the Windows platform, along with Mac OS X.

Another advisory patches about 45 vulnerabilities in a plethora of Mac OS X components, including a flaw in iChat that could enable an attacker on the local network to cause a denial-of-service or arbitrary code execution. Apple also patched several vulnerabilities in its WebCore framework, which provides an HTML layout engine for Mac OS X, along with several flaws in Samba, a software suite that provides file and print services to clients.

The fixes getting the most attention across the Internet are for the iPhone.

A few weeks ago, three researchers from Independent Security Evaluators announced they have developed a proof-of-concept exploit for a vulnerability that would let a remote attacker steal information off the popular device. Charlie Miller, who worked on the research along with Jake Honoroff and Joshua Mason, is set to present the full details of the iPhone exploit at the BlackHat USA Conference in Las Vegas on Thursday, Aug. 2.

The five iPhone patches that Apple released deal with two flaws in Safari, one in WebCore, and two in WebKit, an application framework for Mac OS X.

The two Safari bugs are both triggered when a user visits a malicious Web page. One allows for cross-site scripting and the other causes arbitrary code execution.
