Thursday, 2 July 2015

Apple Closed 164 Vulnerabilities In OS X, iOS, Safari, iTunes, And QuickTime

Apple yesterday evening updates for Mac OS X, iOS, Safari, iTunes, QuickTime, and Mac EFI released that fix vulnerabilities 164 together. Most of the updates, 77 in total, appeared for Mac OS X in the form of OS X Yosemite 10.10.4 and Security Update 2015-005 .

Thus, clearing the logjam attack through these updates, as well as several vulnerabilities which could allow an attacker at worst arbitrary code on the computer. This could for instance by the user to open a malicious zip file. The updates can be downloaded via the Mac App Store or Apple's download site.


In iOS 8.4 , Apple fixed 33 security vulnerabilities. Through the vulnerabilities could allow an attacker who is between the user and the Internet was to intercept network traffic, execute arbitrary code, external HTML in the Mail app loading, accounts taken over by users to a malicious website visits or perform the logjam attack. For arbitrary code execution, an attacker could use a malicious SIM card. Updating to iOS 8.4 can automatically or manually via iTunes or the Software Update feature.

Safari and Mac EFI

Apple also released new versions of Safari. Safari 8.0.7, Safari 7.1.7 and Safari 6.2.7 fix four vulnerabilities allowing a malicious website could approach the WebSQL database from other websites, visiting a specially prepared website made ​​it possible to hijack accounts, there via a malicious link to a PDF file was embedded in a website cookies could be stolen and the worst could be executed arbitrary code when visiting a malicious website. Updating via the Mac App Store.

Apple also patched the leak making it possible via a malicious app with root privileges EFI firmware to match. Furthermore, among the Rowhammer attack, which investigators DDR3 memory could attack the past. Also EFI Mac Security Update 2015-001 is available via the Mac App Store.

Windows Users

For Windows users also appeared updates. These are patches for QuickTime and iTunes for Windows. iTunes 12.2 for Windows 7 and Windows 8 fixes 39 vulnerabilities could allow an attacker, who was between the user and the Internet, could execute arbitrary code on the computer and the iTunes Store was visited. In QuickTime was the execution of arbitrary code.This, however, had to be opened a specially prepared file. The nine leaks in QuickTime 7.7.7 corrected.

No comments:

Post a Comment