Apple on Tuesday released security updates for a majority of its products, and it patched the vulnerability that allows Meltdown attacks in earlier versions of its Mac operating system.
Apple rolled out the first mitigations for the Meltdown attack before the flaws were disclosed, in early December, with the release of iOS 11.2, macOS 10.13.2 and tvOS 11.2. Protections against Spectre attacks were added on January 8 with the release of iOS 11.2.2, macOS High Sierra 10.13.2 Supplemental Update, and Safari 11.0.2.
The latest security updates released by the tech giant for Mac computers patch 17 vulnerabilities, including a kernel flaw that allows Meltdown attacks (CVE-2017-5754) in macOS Sierra 10.12.6 and OS X El Capitan 10.11.6.
The update for High Sierra also addresses several other kernel vulnerabilities that can be exploited to read restricted memory and execute arbitrary code with elevated privileges, including ones found by Jann Horn, the Google researcher who independently discovered the Meltdown and Spectre weaknesses.
Other macOS vulnerabilities patched on Monday affect the audio, cURL, LinkPresentation, QuartzCore, sandbox, security, WebKit and Wi-Fi components.
The updates for macOS High Sierra 10.13.2, macOS Sierra 10.12.6, and OS X El Capitan 10.11.6 also fix the IOHIDFamily local privilege escalation vulnerability disclosed by a researcher on New Year’s Eve. The expert disclosed the flaw without giving Apple the chance to release a patch, arguing that it’s not remotely exploitable and the PoC he made public is not stealthy.
iOS 11.2.5 patches 13 security holes, including in the audio, Bluetooth, kernel, LinkPresentation, QuartzCore, security, and WebKit components. Some of these flaws are the same ones that affect macOS.
Since watchOS and tvOS are also based on iOS, a majority of the vulnerabilities have also been patched in the Apple Watch and Apple TV operating systems.
The WebKit flaws have also been resolved by Apple in iCloud for Windows, iTunes for Windows, and Safari.
Despite being among the first vendors to start releasing patches, Apple is facing class action lawsuits over the Meltdown and Spectre CPU vulnerabilities. Apple’s processors are affected due to the fact that they use ARM technology.
Related: Apple Silently Patched macOS Security Bypass Flaw
Related: Apple Patches Critical Root Access Flaw in macOS
Related: Apple Patches Dangerous KRACK Wi-Fi Vulnerabilities
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks
- 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
- OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023
- Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
Latest News
- Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks
- 500k Impacted by Data Breach at Debt Buyer NCB
- Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks
- Why Endpoint Resilience Matters
- Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data
- 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
- UK Introduces Mass Surveillance With Online Safety Bill
- Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT
