
Apple patches 100 security issues across its product line

Among all the product and legal news surrounding Apple, the company yesterday also released seven security updates containing more than 100 fixes covering a wide range of its products and operating systems.

Included in Apple's latest product launch was the rollout of iOS 9.3, which can be installed on the iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later, and replaces iOS 9.2.1. The updated mobile OS offers several new features, but also patches 35 security flaws, including one that would allow a maliciously crafted website to auto-fill text into other Message threads and another in which “an attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments.”

Also included in the mix were updates for OS X Server 5.1, Safari 9.1, OS X El Capitan v10.11, Xcode 7.3, tvOS 9.2 and watchOS 2.2.

The patches for OS X Server 5.1, available for OS X Yosemite v10.10.5 and later, fix four problems. These include one in Time Machine that would allow an administrator to unknowingly store backups on a volume without permissions enabled and another that could allow a remote user to view sensitive configuration information.

The update for Safari 9.1 contained 12 patches, fixing issues including one that would allow a website to track sensitive information and another that would allow a maliciously crafted website to reveal the user's current location.

The update for El Capitan contained the majority of the patches, 58, fixing issues ranging from one that would allow a local attacker to cause an unexpected application termination or arbitrary code execution to one that would allow a remote attacker to cause a denial of service.

Xcode 7.3 fixes three issues, including multiple memory corruption issues and one that would allow a malicious server to execute arbitrary code.

Apple TV was also part of the security update mix, with 23 fixes made available in tvOS 9.2 addressing a range of issues including execution of arbitrary code with kernel privileges, denial of service and multiple memory corruption issues.

watchOS 2.2, which is available for Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes, had 34 issues that needed attention. The majority centered on the execution of arbitrary code both with and without kernel privileges, applications causing denial of service, and memory corruption problems.
