
Apple Issues Security Updates for OS X, iOS, Safari

Updates released by Apple on Tuesday for OS X, iOS, Safari, Xcode, watchOS and tvOS address tens of vulnerabilities.


OS X El Capitan 10.11.2 patches a total of 54 security flaws affecting components such as the App Sandbox, Compression, CoreMedia Playback, EFI, File Bookmark, Hypervisor, ImageIO, Intel Graphics Driver, IOAcceleratorFamily, IOHIDFamily, IOKit SCSI, Kernel, Keychain Access, OpenGL, Sandbox, and Security.

iOS 9.2 fixes 50 vulnerabilities affecting Apple’s mobile operating system, including issues in Siri and WebKit. Some of the iOS weaknesses have been found by the Pangu Team and used for jailbreaks.

Many of the flaws found in iOS have also been resolved in tvOS 9.1 for Apple TV and watchOS 2.1 for Apple Watch.

The WebKit vulnerabilities, most of which were found by Apple’s own security team, also affect Safari and have been addressed with the release of version 9.0.2 of the web browser.

Four vulnerabilities impacting Xcode components such as otools, IDE SCM and Git have been patched with the release of Xcode 7.2.

Independent researchers and experts from companies such as Qihoo 360, Yahoo, Clarified Security, Free Tools Association, Google, Palo Alto Networks, ZeroC, Mozilla, Dell, and Trend Micro have been credited by Apple for finding these security holes. Researchers from Nanyang Technological University (Singapore), Polytechnic University of Bucharest (Romania), North Carolina State University (US), and Technische Universität Darmstadt (Germany) have also been credited.

Apple is not the only major company that released security updates on Tuesday. Enterprise software maker SAP released 26 patches for its products, Adobe issued updates that fix 77 Flash Player vulnerabilities, and Microsoft released 12 bulletins to fix tens of critical vulnerabilities, including ones exploited in the wild.

Apple may have fixed 50 vulnerabilities in iOS, but there is at least one critical flaw the company probably doesn’t know much about. Exploit acquisition firm Zerodium announced last month that a team of hackers completed its million-dollar challenge and developed a remote, browser-based untethered jailbreak that worked on iOS 9.1 and iOS 9.2 beta.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
