OS X, iOS, watchOS, tvOS, Safari, Xcode were all patched

Dec 9, 2015 14:05 GMT  ·  By

Apple has launched new versions for most of its products and has included security-related bug fixes in almost each one, from the latest newcomer watchOS to the reputable iOS and Mac OS X.

Most security bugs have been fixed in Mac OS X, 54, to be more exact, with new releases for all OS versions: OS X El Capitan 10.11.2, OS X Yosemite 10.10.5, and Mavericks 10.9.5.

These issues, documented in Apple's Security Update 2015-008, have fixed vulnerabilities relating to components and services such as App Sandbox, Bluetooth, Compression, Configuration Profiles, CoreGraphics, CoreMedia Playback, EFI, File Bookmark, Hypervisor, ImageIO, Intel Graphics Driver, IOAcceleratorFamily, IOHIDFamily, IOKit SCSI, Kernel, Keychain Access, OpenGL, Sandbox, Security, and many other more.

Half of these patches were severe issues that led to situations where attackers could have run arbitrary code on affected devices.

50 issues fixed in iOS 9.2

Second on the list with most patched vulnerabilities has been the company's mobile operating system, iOS, which has gotten a serious update via the most recent 9.2 version.

Apple has fixed 50 issues in iOS 9.2, with most affecting the WebKit Web rendering engine, 10, to be more exact, all leading to remote code execution scenarios.

The WebKit issues also affected other products where the engine was embedded, such as Safari and tvOS. For Safari, outside the WebKit remote code execution flaws, the Apple team has also fixed an issue that would reveal the user's browsing history when they would visit a malicious website.

Xcode, Safari, tvOS, and watchOS also patched

Apple has also patched Xcode via the 7.2 release, this version bringing security updates made to the Git version control system, integrated with Xcode.

The company's most recent products, watchOS and tvOS, have also been updated, with 30 fixes in watchOS, and another 45 fixes in tvOS.

The vast majority of these bugs were discovered by Apple's own security team, but others contributed as well, like Google Project Zero team, Yahoo, and cyber-security vendors like Palo Alto Networks, Trend Micro, and Qihoo.