Apple Patches Multiple Vulnerabilities
Wednesday, July 20, 2016 @ 01:07 PM gHale
Apple released security updates for a wide assortment of its product lines.
Updates went out for OS X, iOS, watchOS, tvOS, Safari, iTunes and iCloud.
OS X El Capitan 10.11.6 fixed 60 security bugs affecting components such as audio, CFNetwork, CoreGraphics, FaceTime, graphics drivers, ImageIO, the kernel, the login window, OpenSSL, QuickTime, sandbox profiles, and the libxml2 and libxslt libraries.
The CFNetwork vulnerability, tracked as CVE-2016-4645, was reported to Apple by Abhinav Bansal of Zscaler. The security firm published a blog post saying the vulnerability allows unprivileged applications to access cookies stored in the Safari browser.
In the case of iOS, version 9.3.3 fixes 43 vulnerabilities, including many that also affect OS X. One of the flaws specific to iOS allows an attacker with physical access to a device to abuse Siri to view private contact information.
Since watchOS and tvOS are heavily based on iOS, much of the vulnerabilities patched in iOS also ended up fixed in the Apple Watch and Apple TV operating systems. Safari 9.1.2 patches a dozen security holes in the WebKit engine.