On Tuesday of this week, Apple made available a large collection of security updates for the following products:
- Apple Safari: for OS X Yosemite (10.10), OS X Mavericks (10.9) and OS X Mountain Lion (10.8)
- Apple OS X: for OS X Yosemite (10.10), OS X Mavericks (10.9) and OS X Mountain Lion (10.8)
- Apple iOS 8.4: for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
- EFI Updates: for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 based systems
- Apple QuickTime: for Windows
- Apple iTunes: for Windows (while this was also available for Apple systems, it does not appear to contain security-related changes, i.e. Apple devices may not be vulnerable to those vulnerabilities).
Full details on all updates are available on Apple’s Security Updates page. For this large collection of security updates, I believe that the OS X update has the highest priority since it resolves the largest number of CVEs.
Noteworthy fixes included are as follows:
- Apple Safari: Addresses 1 critical SQL input validation flaw (as well as 3 other CVEs).
- OS X (10.10, 10.9 and 10.8): includes fixes for 52 critical remote code execution CVEs as well as fixes for Apache, Certificate Trust Policy, CoreTLS (to address the Logjam flaw), EFI flash memory, display drivers (for non-Intel and Intel drivers), the OS X kernel, NTP, OpenSSL, QuickTime and SQLite (77 CVEs in total; not all flaws fixed were assigned CVE numbers).
- Apple iOS 8.4: includes fixes for CoreTLS (to address the Logjam flaw), the iOS kernel and several fixes for Safari and the WebKit library (33 CVEs in total; not all flaws fixed were assigned CVE numbers).
- Mac EFI Security Update 2015-001: Addresses 2 privilege escalation CVEs.
- Apple iTunes 12.2 for Windows: Addresses 39 CVEs.
- Apple QuickTime 7.7.7 for Windows: Addresses 9 CVEs.
For an explanation of the term CVE, please see the first short aside within this blog post.
If you use any of the above software, please install the appropriate updates as soon as possible (if you have not already done so). As a routine precaution, I would recommend backing up the data on any device for which you are installing updates (preferably to an external storage device that can easily be accessed) in order to prevent data loss in the rare event that any update causes unexpected issues. This is especially important for the Mac EFI update mentioned above, since if an issue occurs during the update, your computer may no longer start up correctly when turned on.