Apple issues security patches for…just about everything

25 Jan 17

If you have a piece of Apple technology in your house or office, chances are that it’s time you updated it.

On Monday Apple issued security patches for all of its major operating systems – fixing vulnerabilities in iOS, macOS, watchOS, tvOS, the Safari browser, and iCloud for Windows.

iPhones and iPads, for instance, now have access to a new version of the iOS operating system – version 10.2.1. In a support knowledge base article, Apple shares details of a host of vulnerabilities that iOS 10.2.1 reportedly fixes, including a flaw that allowed devices to be automatically unlocked even when users were not wearing a linked Apple Watch.

In addition, updating to iOS 10.2.1 is said to fix two very serious remote code execution flaws that Google vulnerability researchers uncovered in Apple’s code.  

If left unpatched, such vulnerabilities could potentially be abused by criminal hackers eager to install malware onto targeted devices.

Furthermore, 12 vulnerabilities in WebKit – the technology Apple uses to render webpages in iOS and macOS – have been fixed.

More details of these and other security fixes in iOS 10.2.1 are described on Apple’s support knowledgebase webpage. To update your iPhones and iPads, select “Settings / General / Software update”.

Macs and MacBooks haven’t escaped the wave of security patches either, with users encouraged to update to macOS Sierra 10.12.3 to protect against a variety of vulnerabilities.

The security holes addressed in macOS Sierra 10.12.3 include “multiple issues” in PHP, and a method by which an attacker may be able to exploit a weakness in Apple’s Bluetooth code to execute malicious code with kernel privileges.

In addition, the new version of macOS Sierra is said to fix a vulnerability in Help Viewer which – if left unpatched – could allow a malicious attacker to plant boobytrapped content on a webpage that would result in arbitrary code execution.

Mac users, including those still running Mac OS X Yosemite and El Capitan, are advised by Apple to update their copies of the Safari web browser to version 10.0.3. The new version of Apple’s browser fixes numerous flaws which could be exploited by attackers if users visit poisoned webpages from a vulnerable computer.

More details of these and other security fixes in macOS Sierra 10.12.3 are described on Apple’s support knowledgebase webpage.

To update your Apple desktop and laptop computers, open the “App Store” and choose “Updates” from the top right corner of the window.

Meanwhile watchOS (updated to version 3.0.3) and tvOS (updating Apple TV devices to version 10.1.1 of the operating system) also received fixes, including fixes for flaws that could see maliciously crafted content leading to arbitrary code execution.

My view is that if Apple is treating the security vulnerabilities seriously, and pushing the patch out to the masses, then you should take them seriously too.

Although there is an argument that it’s unwise to be one of the very first to install a security update, in case the code is buggy or causes conflicts, for most people it probably makes sense to install the updates at the earliest opportunity.

Patches and security updates are an essential part of your arsenal of weaponry, defending you from online attack. Combined with other security solutions you can harden your systems and reduce the chances of a hacker stealing your records or hijacking your online identity.

Although it would have been better if these software bugs had not been present in the first place, Apple should be applauded for addressing the security holes and helping to make their users safer.

A notable rival smartphone operating system has had a much more chequered history when it comes to making security updates available to users.

Article by Graham Cluley, We Live Security, ESET 
