SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Apple issues security patches for…just about everything

Wed, 25th Jan 2017

If you have a piece of Apple technology in your house or office, chances are that it's time you updated it.

On Monday Apple issued security patches for all of its major operating systems – fixing vulnerabilities in iOS, macOS, watchOS, tvOS, the Safari browser, and iCloud for Windows.

iPhones and iPads, for instance, now have access to a new version of the iOS operating system – version 10.2.1. In a support knowledge base article, Apple shares details of a host of vulnerabilities that iOS 10.2.1 reportedly fixes, including a flaw that allowed devices to be automatically unlocked even when users were not wearing a linked Apple Watch.

In addition, updating to iOS 10.2.1 is said to fix two very serious remote code execution flaws that Google vulnerability researchers uncovered in Apple's code.

If left unpatched, such vulnerabilities could potentially be abused by criminal hackers eager to install malware onto targeted devices.

Furthermore, 12 vulnerabilities in WebKit – the technology Apple uses to render webpages in iOS and macOS – have been fixed.

More details of these and other security fixes in iOS 10.2.1 are described on Apple's support knowledgebase webpage. To update your iPhones and iPads, select "Settings / General / Software update".

Macs and MacBooks haven't escaped the wave of security patches either, with users encouraged to update to macOS Sierra 10.12.3 to protect against a variety of vulnerabilities.

The security holes addressed in macOS Sierra 10.12.3 include "multiple issues" in PHP, and a method by which an attacker may be able to exploit a weakness in Apple's Bluetooth code to execute malicious code with kernel privileges.

In addition, the new version of macOS Sierra is said to fix a vulnerability in Help Viewer which – if left unpatched – could allow a malicious attacker to plant booby-trapped content on a webpage that would result in arbitrary code execution.

Mac users, including those still running Mac OS X Yosemite and El Capitan, are advised by Apple to update their copies of the Safari web browser to version 10.0.3. The new version of Apple's browser fixes numerous flaws which could be exploited by attackers if users visit poisoned webpages from a vulnerable computer.

More details of these and other security fixes in macOS Sierra 10.12.3 are described on Apple's support knowledgebase webpage.

To update your Apple desktop and laptop computers, open the "App Store" and choose "Updates" from the top right corner of the window.

Meanwhile watchOS (updated to version 3.0.3) and tvOS (updating Apple TV devices to version 10.1.1 of the operating system) also received fixes, including fixes for flaws that could see maliciously crafted content leading to arbitrary code execution.

My view is that if Apple is treating the security vulnerabilities seriously, and pushing the patch out to the masses, then you should take them seriously too.

Although there is an argument that it's unwise to be one of the very first to install a security update, in case the code is buggy or causes conflicts, for most people it probably makes sense to install the updates at the earliest opportunity.

Patches and security updates are an essential part of your arsenal of weaponry, defending you from online attack. Combined with other security solutions you can harden your systems and reduce the chances of a hacker stealing your records or hijacking your online identity.

Although it would have been better if these software bugs had not been present in the first place, Apple should be applauded for addressing the security holes and helping to make their users safer.

A notable rival smartphone operating system has had a much more chequered history when it comes to making security updates available to users.
