Thursday, 22 October 2015

Apple Close Vulnerabilities In OS X, iOS, Safari, iTunes And WatchOS

Apple has released updates to several products, including Mac OS X, iOS and iTunes, which resolve a large number of vulnerabilities together. In Mac OS X El Capitan 10.11.1 and Security Update 2015-007 are 60 vulnerabilities patched allowing an attacker to execute arbitrary code in the worst case.

This could for example by visiting a malicious website to open a malicious audio file or image, extracting a malicious archive file or processing a malicious font file. Also, an attacker with a "privileged" position network, for example, between the user and the Internet, could execute arbitrary code. Updating via the Mac App Store or the Apple website.

For Mac users, Apple has also fixed a vulnerability in the firmware. Researchers demonstrated in August a worm that can infect Mac firmware. There are several possible vulnerabilities were used. One of the leaks is used by Mac EFI Security Update 2015-002 corrected. The update can be downloaded via the Mac App Store.


For owners of an iPhone, iPad or iPod Touch iOS 1.9 appeared that 49 vulnerabilities were patched. A number of vulnerabilities in Mac OS X are also available in iOS and make it possible for an attacker to execute arbitrary code eg when visiting a website. The Pangu jailbreak will not work in this version. Update via iTunes and the automatic update feature.

There is also a new version of Safari appeared. Via Safari 9.0.1, Apple has patched nine vulnerabilities allowing an attacker could execute arbitrary code. Appeared for owners of an Apple Watch. WatchOS 2.0.1, where 15 vulnerabilities are resolved.


Windows users who have installed iTunes be advised to iTunes 12.3.1 upgrade. Via a man-in-the-middle attack when looking around in the iTunes Store via iTunes arbitrary code can be executed on the system. Further, it was also possible for malicious applications to execute arbitrary code via text files.

No comments:

Post a Comment