Security Market Segment LS
Thursday, 20 July 2017 10:35

Another swag of security updates from Apple

By

Apple has released security updates for all of its platforms, and also for Safari for Mac, and iTunes and iCloud for Windows.

Apple has released security updates for macOS (and recent versions of OS X), iOS, watchOS and tvOS.

macOS 10.12.6 and the associated security updates for Yosemite and El Capitan address three dozen vulnerabilities in the Macintosh operating system.

They're mostly the same old story – buffer overflows or memory corruption issues that can be exploited to execute arbitrary code, often triggered by maliciously crafted media files (this time mostly audio files).

Significantly, the update includes a Sierra-specific update for a vulnerability (CVE-2017-9417) that allowed an attacker to execute arbitrary code on the Wi-Fi chip.

The number of vulnerabilities addressed in iOS 10.3.3 is even longer.

Given the commonality between Apple's operating systems, it's no surprise that many of the macOS issues also relate to iOS, including the Wi-Fi vulnerability. A similar issue affecting Broadcom BCM43xx Wi-Fi chips was discovered earlier this year by Google (CVE-2017-6975) and addressed in iOS 10.3.1.

Among the iOS-specific issues is a flaw in the Telephony code that could be used to execute arbitrary code.

watchOS and tvOS address similar lists of vulnerabilities, including the Wi-Fi issue.

Safari 10.1.2 for Mac contains fixes for 25 issues, several of them corresponding to changes delivered as part of iOS 10.3.3.

Among the more interesting are patches to prevent malicious web content from triggering an infinite number of print dialogs or spoofing the address bar.

iTunes for Windows 12.6.2 and iCloud for Windows 6.2.2 are mostly about delivering the fixes to WebKit (Apple's software for rendering web content) that are contained in the updates for Apple's own products.

The various updates are available in the usual ways, including the App Store for macOS and Software Update for iOS.


Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.

CLICK HERE!

WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.

REGISTER HERE!

BACK TO HOME PAGE
Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments