Apple Releases Dozens of Security Patches for Everything

Tuesday

While Windows users are currently in fear of getting their systems hijacked by the WannaCry ransomware outbreak, Apple users are sitting relaxed, thinking that malware attacks are something that happens to Windows users, and not Apple.

But you are mistaken – Apple products are also not immune to the hack attacks and malware infections, as an ebook can hack your Mac, iPhone, and iPad.

Apple on Monday pushed out software updates for iOS, macOS, Safari, tvOS, iCloud, iTunes, and watchOS to fix a total of 67 unique security vulnerabilities, many of which allows attackers to perform remote code execution on an affected system.

iOS is 10.3.2 for iPhone, iPad, and iPod

Apple’s mobile operating system iOS 10.3.2 for the iPhone, iPad and iPod touch addresses 41 security flaws, 23 of which resides in WebKit, including 17 remote code execution and 5 cross-site scripting (XSS) vulnerabilities.

Besides this, iOS 10.3.2 also addresses a pair of flaws in iBooks for iOS (CVE-2017-2497, CVE-2017-6981) that could allow e-books to open arbitrary websites and execute malicious code with root privileges.

Other flaws addressed in iOS 10.3.2 include a memory corruption issue in AVE Video Encoder that could allow a malicious application to gain kernel-level privileges, and a certificate validation issue in the certificate trust policy for handling of untrusted certificates.

Apple users can install iOS 10.3.2 by connecting their iOS devices to iTunes or downloading it directly by going to the Settings → General → Software Update.

macOS Sierra 10.12.5 for El Capitan and Yosemite

Apple’s Mac operating system macOS Sierra 10.12.5 addresses a total of 37 vulnerabilities, including a pair of bugs in iBook that allow the execution of arbitrary code with root privileges, and a separate bug in iBook that allows an application to escape its secure sandbox.

Other flaws addressed in macOS Sierra 10.12.5 include a Wi-Fi networking issue that allows the theft of network credentials, elevation of privilege bugs in both the Intel and Nvidia graphics drivers, and four different arbitrary code execution flaws in SQLite.

Mac users can download the update through the App Store → Updates. Alternatively, macOS Sierra users can be download Sierra 10.12.5 as a stand-alone update, OS X El Capitan users can download the update here, and OS X Yosemite users can get the security update here.

Safari 10.1.1 for Apple Browser

Safari 10.1.1 addresses a total of 26 security issues, 23 of which resides in WebKit, many of which are also patched in the iOS 10.3.2.

Rest three vulnerabilities are patched in the Safari browser itself.

The Safari 10.1.1 update can be downloaded by going to the App Store → Updates on El Capitan and Yosemite systems.

watchOS 3.2.2 for Apple Watch

Apple Watch users should install watchOS 3.2.2 that patches a total of 12 security vulnerabilities, four of which could be used by attackers to execute remote code execution on the affected device.

Users of Apple Watch can download watchOS 3.2.2 by connecting their watch to its charger, and opening the Apple Watch app → My Watch tab → General → Software Update on their iPhone.

tvOS 10.2.1 for Apple TV

Apple has also released tvOS 10.2.1 to patch a total of 23 vulnerabilities, 12 of which resides in WebKit engine that could allow an attacker to perform cross-site scripting and remote code execution attacks on a target device.

The tvOS 10.2.1 update can be downloaded directly from the Apple TV by going to Settings → System → Update Software.

iTunes 12.6.1 for Windows and iCloud for Windows 6.2.1

Meanwhile, Apple also released patches for Windows users using iTunes and iCloud. Both iTunes 12.6.1 and iCloud 6.2.1 patches a single remote code execution bug in WebKit for Windows 7 and later.

Apple users are recommended to update all their operating systems for Apple products and Safari as soon as possible before cyber criminals exploited them. Patches are available through automatic updates.

Source link

Related Post

Next
Previous