Apple issues updates for iOS, OS X, Apple TV and Safari


Apple released iOS 8.3 on Wednesday along with updates to OS X Yosemite, OS X Mavericks, OS X Mountain Lion, Safari, Xcode and Apple TV.

The updates address multiple security issues, patch various bugs and add a new Emoji keyboard, the company wrote on its support page. Its iOS 8.3 release patched more than 40 bugs, including CVE-2015-1085, which could have allowed a malicious application to guess users' passcodes. It was addressed through improved entitlement checking.

Also packaged with the update were fixes for multiple vulnerabilities that could have allowed for arbitrary code execution, including CVE-2015-1086, CVE-2015-1088, CVE-2015-1093, CVE-2015-1095, and CVE-2015-1098, among others.

Another patched bug, CVE-2015-1108, could have let an attacker exceed the maximum number of failed passcode attempts and was fixed through additional enforcement of the limit.

FireEye detailed CVE-2015-1118 in a Wednesday blog post. The bug could have caused networking apps to crash and left the system slow to respond and unable to reboot properly. Apple patched it in the new release.

The OS X updates vary, but primarily address arbitrary code execution. One bug, CVE-2015-1089, could have allowed cookies belonging to one origin to be sent to another. The issue existed in redirect handling and was addressed through improved handling of those redirects.

The company's Safari patches included one that could have revealed users' browsing history while in private browsing mode. It was addressed by disabling push notification prompts in private browsing mode. A separate bug involving browsing history, CVE-2015-1127, could have let users' history be indexed while in private mode. It was fixed through improved state management.
