Apple Issues Security Updates for OS X, iOS, Safari

Updates released by Apple on Tuesday for OS X, iOS, Safari, Xcode, watchOS and tvOS address tens of vulnerabilities.

OS X El Capitan 10.11.2 patches a total of 54 security flaws affecting components such as the App Sandbox, Compression, CoreMedia Playback, EFI, File Bookmark, Hypervisor, ImageIO, Intel Graphics Driver, IOAcceleratorFamily, IOHIDFamily, IOKit SCSI, Kernel, Keychain Access, OpenGL, Sandbox, and Security.

iOS 9.2 fixes 50 vulnerabilities affecting Apple’s mobile operating system, including issues in Siri and WebKit. Some of the iOS weaknesses have been found by the Pangu Team and used for jailbreaks.

Many of the flaws found in iOS have also been resolved in tvOS 9.1 for Apple TV and watchOS 2.1 for Apple Watch.

The WebKit vulnerabilities, most of which were found by Apple’s own security team, also affect Safari and have been addressed with the release of version 9.0.2 of the web browser.

Four vulnerabilities impacting Xcode components such as otools, IDE SCM and Git have been patched with the release of Xcode 7.2.

Independent researchers and experts from companies such as Qihoo 360, Yahoo, Clarified Security, Free Tools Association, Google, Palo Alto Networks, ZeroC, Mozilla, Dell, and Trend Micro have been credited by Apple for finding these security holes. Researchers from Nanyang Technological University (Singapore), Polytechnic University of Bucharest (Romania), North Carolina State University (US), and Technische Universität Darmstadt (Germany) have also been credited.

Apple is not the only major company that released security updates on Tuesday. Enterprise software maker SAP released 26 patches for its products, Adobe issued updates that fix 77 Flash Player vulnerabilities, and Microsoft released 12 bulletins to fix tens of critical vulnerabilities, including ones exploited in the wild.

Apple may have fixed 50 vulnerabilities in iOS, but there is at least one critical flaw the company probably doesn’t know much about. Exploit acquisition firm Zerodium announced last month that a team of hackers completed its million-dollar challenge and developed a remote, browser-based untethered jailbreak that worked on iOS 9.1 and iOS 9.2 beta.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.