Apple Patches Tens of Vulnerabilities in iOS, OS X

Apple released on Monday security updates for OS X, iOS, watchOS, tvOS, Safari, iTunes and iCloud to address tens of vulnerabilities identified by the company’s employees and external researchers.

OS X El Capitan 10.11.6 fixes a total of 60 security bugs affecting components such as audio, CFNetwork, CoreGraphics, FaceTime, graphics drivers, ImageIO, the kernel, the login window, OpenSSL, QuickTime, sandbox profiles, and the libxml2 and libxslt libraries.

The CFNetwork vulnerability, tracked as CVE-2016-4645, was reported to Apple by Abhinav Bansal of Zscaler. The security firm published a blog post on Monday to describe the flaw that allows unprivileged applications to access cookies stored in the Safari browser.

“This access could result in a malicious application lifting all the persistent cookies for a given user and accessing sites posing as that user,” Zscaler said. “In the case of email, it could result in a malicious application getting access to all your email. Worse, it could gain access to a site that stores more personal and confidential information about you.”

In the case of iOS, version 9.3.3 resolves a total of 43 vulnerabilities, including many that also affect OS X. One of the flaws specific to iOS allows an attacker with physical access to a device to abuse Siri to view private contact information.

Since watchOS and tvOS are heavily based on iOS, many of the vulnerabilities patched in iOS have also been fixed in the Apple Watch and Apple TV operating systems. Safari 9.1.2 patches a dozen security holes in the WebKit engine.

iCloud for Windows 5.2.1 and iTunes 12.4.2 for Windows address 15 memory corruption and information disclosure vulnerabilities affecting the libxml2 and libxslt libraries.

It’s worth pointing out that these flaws also affect iOS, OS X, tvOS and watchOS. The libxml2 and libxslt issues have been identified by Wei Lei and Liu Yang of Nanyang Technological University, Gustavo Grieco, Nick Wellnhofer, Nicolas Grégoire, Kostya Serebryany, Hanno Boeck and Michael Paddon. libxml2 is a library used for parsing XML documents and it’s the basis for libxslt, which processes XSLT-1.0 stylesheets.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
