Apple Patches Vulnerabilities

Friday, May 20, 2016 @ 03:05 PM gHale


Apple issued patches for OS X, iOS, iTunes, Safari, tvOS and watchOS this week, fixing a boatload of vulnerabilities.

A total of 39 CVE identifiers have been assigned to the flaws affecting Apple’s iOS mobile operating system. iOS 9.3.2 resolves vulnerabilities that can lead to information disclosure, arbitrary code execution, and denial-of-service (DoS).

Last month, researchers found a way to bypass the lockscreen on the iPhone 6s and access photos and contacts by using Siri to conduct an online search for email addresses via Twitter.

Apple said at the time it addressed the issue through a server-side fix, but it appears the company has now also rolled out an iOS patch that disables data detectors in Twitter results.

The vulnerabilities fixed with the release of OS X El Capitan 10.11.5 were assigned 67 CVE identifiers.

The flaws addressed in OS X can be exploited to execute arbitrary code with root or kernel privileges, to launch DoS attacks, and to access potentially sensitive user information. Apple has also patched the TLS issue known as DROWN.

Safari 9.1.1 patches seven WebKit vulnerabilities that can be exploited for information disclosure and arbitrary code execution.

Apple resolved one flaw that can lead to arbitrary code execution with the release of iTunes 12.4.

Since the Apple TV operating system tvOS and the Apple Watch operating system watchOS use iOS, the vulnerabilities fixed with the release of watchOS 2.2.1 and tvOS 9.2.1 are mostly the same as the ones patched in iOS.