Apple on Monday released security updates for OS X, iOS, watchOS, tvOS, Safari, iTunes and iCloud to address dozens of vulnerabilities identified by the company’s employees and external researchers.
OS X El Capitan 10.11.6 fixes a total of 60 security bugs affecting components such as audio, CFNetwork, CoreGraphics, FaceTime, graphics drivers, ImageIO, the kernel, the login window, OpenSSL, QuickTime, sandbox profiles, and the libxml2 and libxslt libraries.
The CFNetwork vulnerability, tracked as CVE-2016-4645, was reported to Apple by Abhinav Bansal of Zscaler. The security firm published a blog post on Monday to describe the flaw that allows unprivileged applications to access cookies stored in the Safari browser.
“This access could result in a malicious application lifting all the persistent cookies for a given user and accessing sites posing as that user,” Zscaler said. “In the case of email, it could result in a malicious application getting access to all your email. Worse, it could gain access to a site that stores more personal and confidential information about you.”
In the case of iOS, version 9.3.3 resolves a total of 43 vulnerabilities, including many that also affect OS X. One of the flaws specific to iOS allows an attacker with physical access to a device to abuse Siri to view private contact information.
Since watchOS and tvOS are heavily based on iOS, many of the vulnerabilities patched in iOS have also been fixed in the Apple Watch and Apple TV operating systems. Safari 9.1.2 patches a dozen security holes in the WebKit engine.
iCloud for Windows 5.2.1 and iTunes 12.4.2 for Windows address 15 memory corruption and information disclosure vulnerabilities affecting the libxml2 and libxslt libraries.
It’s worth pointing out that these flaws also affect iOS, OS X, tvOS and watchOS. The libxml2 and libxslt issues were identified by Wei Lei and Liu Yang of Nanyang Technological University, Gustavo Grieco, Nick Wellnhofer, Nicolas Grégoire, Kostya Serebryany, Hanno Boeck and Michael Paddon. libxml2 is a library used for parsing XML documents, and it is the basis for libxslt, which processes XSLT 1.0 stylesheets.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
