Apple Releases Security Updates for iOS, OS X and Safari

Yesterday Apple made available a large collection of security updates for the following list of products:

  • Apple OS X El Capitan 10.11
  • Apple iOS 9.0.2: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
  • Apple Safari 9: for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11

Full details on all updates are available on Apple’s Security Updates page. I would suggest prioritizing the installation of the updates for OS X and Safari due of the number and severity of the vulnerabilities that they address.

Noteworthy fixes included are as follows:

Apple OS X El Capitan 10.11: addresses 100 CVEs (defined)(and 3 issues not assigned CVEs at this time) includes fixes for Apache webserver, bash, CoreCrpyto, EFI, OS X Kernel, libc, libpthread, Apple Mail, OpenSSL, OpenSSH, terminal and Time Machine.

Apple Safari 9: Includes fixes for 45 CVEs (and 4 issues not assigned CVEs at this time) in Safari, WebKit (the renderer of Safari) and WebKit related components.

Apple iOS 9.0.2: Addresses an important CVE in relation to the ability to bypass the lock screen of iOS using Siri. More details are available in this Sophos blog post. That blog post also provides additional security hardening advice that you may wish to apply to your lock screen configuration.

If you use any of the above software, please install the appropriate updates as soon as possible. As a routine precaution I would recommend backing up the data on any device for which you are installing updates (preferably to an external storage device that can easily be accessed by you) in order to prevent data loss in the rare event that any update causes unexpected issues.

Please see this link from Apple for advice on backing up your Mac laptop/desktop especially since the OS upgrade is a significant one.

Further details of the features/improvements incorporated into OS X El Capitan are located here. The steps on upgrading are provided here which include checking if your Mac devices meet the requirements to install the new operating system.

For advice on how to install updates for Apple devices, please see the steps detailed at the end of this Sophos blog post as well as this link (from my “Protecting Your PC” page).

Finally the update for OS X does not address a known bypass for Apple’s Gatekeeper security feature but as this article mentions, Apple is working on a fix for that issue.

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s