Wednesday, 20 January 2016 09:47

Apple patches OS X, iOS and Safari vulnerabilities


Apple has released new versions of its OS X and iOS operating systems to deliver security updates and bug fixes.

OS X 10.11.3 fixes nine vulnerabilities in the Mac operating system, most of which had the potential to allow the execution of arbitrary code with kernel privileges.

One of them was remotely exploitable by a maliciously crafted web page.

The corresponding security updates are also available for older but still supported OS X releases as Security Update 2016-001 Yosemite and Security Update 2016-001 Mavericks.

The updates can be installed from the Updates tab of the Mac App Store, but those who manage multiple Macs can also download them from Apple's web site (Download Security Update 2016-001 Yosemite, Download Security Update 2016-001 Mavericks, and Download OS X El Capitan 10.11.3 Combo Update).

Also available is Safari 9.0.3 for El Capitan (normally installed as part of the 10.11.3 update) and for Yosemite and Mavericks.

It addresses six vulnerabilities. Five - all discovered by Apple - may allow malicious web sites to trigger the execution of arbitrary code.

The sixth - discovered by an anonymous researcher - made it possible for sites to discover whether the user had visited a given link thanks to inadequate validation in the handling of the "a:visited button" CSS selector.

Earlier versions of Safari for Mountain Lion and its predecessors have not been patched. While those operating systems are themselves unsupported and therefore no longer receiving security updates, it would seem sensible to minimise the risk by switching to a currently supported browser such as Firefox.

Turning to iOS, the 9.2.1 update addresses a similar set of issues to OS X 10.11.3, the CSS flaw from Safari 9.0.3, and an iOS-specific issue that made it possible for captive portals to access cookies.

iOS 9.2.1 can be installed via Settings>General>Software Update, or via iTunes on a computer.



Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.


