OS X Gets Massive Patch, Microsoft Closes Zero-Day

Apple drops a patch for a staggering 88 vulnerabilities while Microsoft closes a hole in certain versions of Internet Explorer that have been under attack for several weeks.Apple today published Security Update 2010-002 / Mac OS X v10.6.3. The update can be downloaded using the OS X Software Update. If you're a Mac user and it hasn't triggered automatically, I suggest you update right away.

Some of the 88 vulnerabilities make it possible for OS X users to get infected with malware, or have their systems hijacked by viewed an especially crafted files.

A number of critical vulnerabilities include those in AppKit, QuickTime, and Image RAW.

Switching from Cupertino, CA to Redmond, WA - Microsoft said it plans to publish an "out-of-band" patch that fills the Internet Explorer 6 and 7 vulnerability that has been under attack for some time.

According to Microsoft Security Advisory 981374, first published on March 9, targeted attacks were underway at that time.

The flaw doesn't affect Internet Explorer 8 or 7. More information of the patch is available in Microsoft Security Bulletin Advance Notification for March 2010.

This risk from this vulnerability should be quite serious, or the company would have waited to roll this update out on the second Tuesday of April.