Patch/Configuration Management, Vulnerability Management

Apple fixes iBook iAuthor flaw

Apple released an update for OS X Yosemite v10.10 or later to patch a vulnerability (CVE-2016-1789) that could lead to disclosure of user information.

The fix, posted by Apple on March 1, said an XML external entity reference issue existed with iBook iAuthor parsing and it was fixed by improving the software's parsing ability.

Apple credited Behrouz Sadeghipour and Patrik Fehrenbach for finding the flaw.

This patch comes shortly after the company issued a lengthy update for several of its operating systems on March 22 and on March 29 Apple had to re-release its latest mobile offering, iOS 9.3 to fix an issue that caused the device to lock up on some older devices.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.