Tuesday, 24 January 2017 14:38

Another raft of security updates from Apple


Apple has released updates for iOS, macOS and other products to fix a number of security issues.

Given the commonality among macOS, iOS, watchOS and tvOS, it's not surprising that security fixes for each operating system arrive at much the same time.

Overnight, Apple released iOS 10.2.1, macOS 10.12.3, watchOS 3.1.3 and tvOS 10.1.1.

iOS 10.2.1 includes 18 security fixes. A dozen concern WebKit (the framework used by the Safari browser and other applications that render HTML), three others might be exploitable to execute arbitrary code, and one could allow the Auto Unlock function to operate even when the associated Apple Watch had been removed from the user's wrist.

macOS 10.12.3 addresses 12 vulnerabilities, including three in PHP and one in Vim. The others variously allowed maliciously crafted files to execute arbitrary code or obtain information about the memory layout. A solitary WebKit fix blocks a method that websites could exploit to open popups contrary to the user's settings.

More than 30 vulnerabilities have been fixed in watchOS 3.1.3, including the other side of the Auto Unlock issue, an issue that allowed existing files to be overwritten, and a flaw that could allow certificates to be incorrectly treated as trusted.

The dozen vulnerabilities addressed by tvOS 10.1.1 are generally common to one or more of Apple's other operating systems, with eight of them involving the potential for maliciously crafted files or web content to execute malicious code. The others involved issues such as privilege escalation and data exfiltration.

The changes aren't all about security.

macOS Sierra 10.12.3 is said to improve automatic graphics switching on the 15-inch October 2016 MacBook Pro, resolve graphics issues while encoding Adobe Premiere Pro projects on 13-inch and 15-inch MacBook Pro with Touch Bar, fix an issue that prevented the searching of scanned PDF documents in Preview and another regarding compatibility of PDF documents exported with encryption enabled, and fix an issue that prevented some third-party applications from correctly importing images from digital cameras.

For enterprise users, it also resolves an issue where network or cached user accounts (eg, Active Directory accounts) using the maxFailedLoginAttempts password policy were becoming disabled.

iTunes 12.5.5 provides "minor app and performance improvements" but there's no mention of security fixes.

New versions of Safari (10.0.3), iCloud for Windows (6.1.1) and iTunes for Windows (12.5.5) also arrived. The two Windows products incorporate certain functionality from Apple's operating systems, and so tend to be updated more or less simultaneously.

Safari 10.0.3 for Yosemite, El Capitan and Sierra provides fixes for 12 vulnerabilities, several of them also seen in one or more of the OS updates. One of the more interesting issues fixed previously allowed malicious websites to spoof the address bar, giving users a false sense of security.

iCloud for Windows 6.1.1 and iTunes for Windows 12.5.5 each include four WebKit fixes for issues that might be exploited to execute arbitrary code.

The updates can be variously obtained via the Mac App Store, Software Update, iTunes, the Apple Downloads page and the iTunes download page.



Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.


