Apple issues updates for iOS, OS X, Apple TV and Safari

Apple released iOS 8.3 on Wednesday along with updates to OS X Yosemite, OS X Mavericks, OS X Mountain Lion, Safari, Xcode and Apple TV.

The updates address multiple security issues, patch various bugs and include a new Emoji keyboard, the company wrote on its support page. Its iOS 8.3 release patched more than 40 bugs, including CVE-2015-1085, which could have allowed a malicious application to guess users' passcodes. It was addressed through improved entitlement checking.

Also packaged with the update were fixes for multiple vulnerabilities that could have allowed for arbitrary code execution, including CVE-2015-1086, CVE-2015-1088, CVE-2015-1093, CVE-2015-1095, and CVE-2015-1098, among others.

Another patched bug, CVE-2015-1108, could have let an attacker exceed the maximum number of failed passcode attempts and was fixed through additional enforcement of the limit.

FireEye detailed CVE-2015-1118 in a Wednesday blog post. The bug could have caused networking apps to crash and the system to respond slowly and fail to reboot properly. Apple patched it in the new release.

The OS X updates vary, but primarily address arbitrary code execution. One bug, CVE-2015-1089, could have allowed cookies belonging to one origin to be sent to another. The issue existed in redirect handling and was addressed through improved handling of those redirects.

The company's Safari patches included one that could have revealed users' browsing history while in private browsing mode. It was addressed by disabling push notification prompts in private browsing mode. A separate bug involving browsing history, CVE-2015-1127, could have let users' history be indexed while in private mode. It was fixed through improved state management.
