Apple Patches Vulnerabilities in OS X, iOS, Safari

Updates released by Apple on Wednesday address numerous vulnerabilities in Mac OS X, iOS, Safari and other products developed by the company.

The OS X updates fix a total of 80 security issues affecting components such as the admin framework, Apache, ATS, CFNetwork, CoreAnimation, FontParser, hypervisor, ImageIO, IOHIDFamily, the kernel, LaunchServices, libnetcore, NTP, OpenSSL, PHP, QuickLook, SceneKit, UniformTypeIdentifiers, and WebKit.

The patched vulnerabilities can be exploited for remote code execution, denial-of-service (DoS) attacks, data leakage, and bypassing security mechanisms.

Three of the vulnerabilities were reported by the researcher known as lokihardt through HP’s Zero Day Initiative (ZDI). One of them is the remote code execution bug leveraged by the expert at the Pwn2Own 2015 hacking competition to break Safari. ZDI has published advisories for each of the flaws.

One of the DoS bugs affecting the OS X kernel was detailed in a blog post on Wednesday by Kenton Varda of The vulnerability allows an attacker to cause apps and network services, such as Chrome and Node.js, to go into infinite loops.

The details of a NULL pointer vulnerability in the NVidia GeForce kernel driver shipped with OS X Yosemite were also disclosed. Yahoo researchers John Villamil and Frank Graziano discovered the flaw that allows a local attacker to execute arbitrary code with system privileges.

With the release of iOS 8.3, Apple has addressed a total of 58 flaws, including ones that affect OS X as well. The list of impacted components includes AppleKeyStore, audio drivers, the backup system, iWork Viewer, Bluetooth keyboards, the lock screen, sandbox profiles, telephony, and Safari. The backup system bug, which allows an attacker to access restricted areas of the file system, has been leveraged by TaiG for its jailbreaks.

The Safari web browser has been updated to versions 8.0.5, 7.1.5, and 6.2.5. The latest releases address a total of ten issues, many of which impact users’ privacy.

Updates have also been released for Xcode and Apple TV. The vulnerabilities fixed by Apple with the release of Apple TV 7.2 can be exploited by malicious actors for arbitrary code execution, DoS attacks, privilege escalation, traffic redirection, security bypasses, and information leakage.

The Xcode integrated development environment has been updated to version 6.3. Two security flaws have been addressed in this release.

Some of the vulnerabilities fixed with the latest updates were identified by Apple’s own security team, but many of them were discovered and reported by independent researchers and experts working for companies such as Google, Alibaba, IBM, IOActive, Kaspersky, Zimperium, and FireEye.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
