Apple Releases Security Updates January 2016

Earlier this month Apple released a group of security updates for a selection of its products:

=======================

  • Apple iOS 9.2.1: For iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
  • Apple tvOS 9.1.1: For Apple TV (4th generation)
  • Apple OS X El Capitan 10.11.3 and Security Update 2016-001: For OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.2
  • Apple Safari 9.0.3: For OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.2

=======================

As always, comprehensive details of all of these updates are provided on Apple’s Security Updates page.

If you wish to prioritize these updates, I would suggest beginning with the update for iOS, since it addresses a potentially high-severity issue that was responsibly disclosed (defined) to Apple. If an attacker were to exploit this issue, they would potentially be able to do one or all of the following:

  • impersonate their victim on a website of the attacker’s choice
  • execute JavaScript (defined), carrying out steps of the attacker’s choice, when the victim visits a website of the attacker’s choice
  • log the victim into the attacker’s account for a website (of the attacker’s choice) rather than the account the victim was trying to access.

Noteworthy fixes included are as follows:

Apple iOS 9.2.1: Resolves 13 CVEs (defined) and includes fixes for IOKit, iOS Kernel (the concept of a kernel is defined here), syslog, and WebKit (among others).

Apple OS X El Capitan 10.11.3 and Security Update 2016-001: Addresses 9 CVEs within AppleGraphicsPowerManagement, Disk Images, IOAcceleratorFamily, IOHIDFamily, IOKit, OS X Kernel, and syslog (among others).

Apple tvOS 9.1.1: Resolves 8 CVEs within Disk Images, IOHIDFamily, IOKit, tvOS Kernel, syslog and WebKit (among others).

Apple Safari 9.0.3: Resolves 6 CVEs (in total) within WebKit (the renderer of Safari) and WebKit CSS.

An alternative summary of these updates is available within Intego’s blog post.

=======================

If you use any of the above software, please install the appropriate updates as soon as possible.

As a routine precaution I would recommend backing up the data on any device for which you are installing updates (preferably to an external storage device that can easily be accessed by you) in order to prevent data loss in the rare event that any update causes unexpected issues.

Please see these links from Apple for advice on backing up your iPhone and iPad.

For advice on how to install updates for Apple devices, please see the steps detailed at the end of this Sophos blog post as well as this link (from my “Protecting Your PC” page).

Thank you.
