Security Market Segment LS
Thursday, 22 October 2015 06:54

Apple delivers OS X 10.11.1 and more Mac security fixes

By

Apple has released OS X 10.11.1 - 'El Capitan take two' - along with corresponding security fixes for Macs running recent versions of OS X.

When a major new release of an operating system appears, the vendor is typically aware of certain unfixed bugs, and real-world users often run into issues that didn't surface during the testing period. So a .1 update usually arrives a short time later.

OS X El Capitan 10.11 follows that tradition, and version 10.11.1 has made its debut.

Apple's traditionally terse release notes for OS X 10.11.1 say it:

  • Improves installer reliability when upgrading to OS X El Capitan
  • Improves compatibility with Microsoft Office 2016
  • Fixes an issue where outgoing server information may be missing from Mail
  • Resolves an issue that prevented display of messages and mailboxes in Mail
  • Resolves an issue that prevents certain Audio Unit plug-ins from functioning properly
  • Improves VoiceOver reliability
  • Adds over 150 new emoji characters with full Unicode 7.0 and 8.0 support

If the update allows Outlook 2016 to function properly on El Capitan, a lot of users will be very happy.

OS X 10.11.1 and Security Update 2015-007 for OS X Mavericks 10.9.5 and OS X Yosemite 10.10.5 provide the usual laundry list of security patches. More than 60 CVEs are addressed by these releases.

Many of them overlap with those covered by iOS 9.1, since OS X, iOS and watchOS have a lot in common.

Many of the vulnerabilities fixed are serious issues that allow arbitrary code execution or other significant attacks.

Among the more interesting vulnerabilities fixed in OS X 10.11.1 and Security Update 2015-007 are a couple of flaws that allowed malicious audio files to execute code if played, an EFI-related issue (also patched by Mac EFI Security Update 2015-002 for Mavericks), problems with the El Capitan Nvidia graphics driver that could be exploited to read kernel memory or execute code with kernel privileges, a libarchive issue that could be used to overwrite arbitrary files, a shortcoming that could be run arbitrary AppleScripts without the user's express consent, and a way of generating synthetic clicks on keychain prompts (thus bypassing the user).

Open source components updated include Apache, Net-SNMP, OpenGL and OpenSSH.

You can read the full list of issues here.

The Safari-related fixes are also available separately as Safari 9.0.1.

The updates are available via the updates section of the Mac App Store.


BACK TO HOME PAGE

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

INVITE DENODO EXECUTIVE VIRTUAL ROUNDTABLE 9/7/20 1:30 PM AEST

CLOUD ADOPTION AND CHALLENGES

Denodo, the leader in data virtualisation, has announced a debate-style three-part Experts Roundtable Series, with the first event to be hosted in the APAC region.

The round table will feature high-level executives and thought leaders from some of the region’s most influential organisations.

They will debate the latest trends in cloud adoption and technologies altering the data management industry.

The debate will centre on the recently-published Denodo 2020 Global Cloud Survey.

To discover more and register for the event, please click the button below.

REGISTER HERE!

BACK TO HOME PAGE
Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

BACK TO HOME PAGE

Webinars & Events

VENDOR NEWS

REVIEWS

Comments