Security Market Segment LS
Tuesday, 17 May 2016 13:14

Apple updates OS X, iOS, tvOS, watchOS and more


Apple released multiple software updates overnight with an emphasis on security.

OS X 10.11.5 and the corresponding Security Update 2016-003 for OS X 10.10 address a laundry list of security issues affecting a variety of system components.

These issues variously provide opportunities for the execution of arbitrary code with kernel privileges (extremely bad), execution of arbitrary code with system privileges (very bad), execution of arbitrary code, exposure of kernel memory layout, access to kernel memory, denial of service, and information leakage.

More unusual issues include a failure to encrypt disk images, an opportunity to modify another user's contact list, and an opportunity to reset an expired password from the lock screen.

In all, the OS X updates address nearly 70 distinct issues, with at least 29 of them linked to arbitrary code execution.

Safari 9.1.1 for OS X Mavericks, Yosemite and El Capitan (included with the 10.11.5 update) addresses a relatively small number of security issues.

They concern incomplete deletion of browsing history, a problem with the handling of SVG files that could lead to cross-site data disclosure, and multiple memory corruption issues that could allow arbitrary code execution.

A handful of other OS X applications received updates.

Updates to the Keynote, Numbers and Pages productivity applications for OS X provided the usual unspecified "stability improvements and bug fixes."

iTWire has already reported the release of iTunes 12.4.

Turning from Apple's computers to its device lineup, the iOS 9.3.2 update addresses nearly 40 vulnerabilities including opportunities for arbitrary code execution and information leakage.

Examples include an issue that allowed access to contacts and photos from the lock screen via Siri, and another that resulted in a failure to completely delete Safari's browsing history (as also exhibited by OS X).

Several of the same vulnerabilities also affected watchOS and have been addressed by the 2.2.1 update.

The fourth generation Apple TV also received an extensive list of security patches - including several for arbitrary code execution issues - in the form of tvOS 9.2.1. There was no indication of updates for earlier models.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments