Apple's January security updates bring fewer fixes than they did in December, when almost all products were patched

Jan 20, 2016 10:10 GMT

Last month, Apple released a record 179 security fixes in almost every product it had. This month, as we initially reported last night, the Cupertino-based tech giant has released just 28 security fixes, only for its iOS and Mac OS X operating systems, and Safari, the company's Web browser.

OS X El Capitan 10.11.3 received the most fixes, nine to be exact. Some of these address critical issues that allowed attackers to execute arbitrary code in the operating system's kernel via OS components such as AppleGraphicsPowerManagement, IOAcceleratorFamily, Disk Images, IOHIDFamily, and IOKit.

Additionally, Apple patched a bug in the OS X kernel itself, which also enabled arbitrary code execution, after being notified of its presence by a Google engineer from Project Zero.

Other security fixes included in OS X El Capitan 10.11.3 address an arbitrary code execution bug with root privileges in the syslog function, a bug in libxslt that allowed attackers to execute code on the OS after tricking the user into visiting a malicious website, and an issue with the Mac's OSA Scripts utility that allowed a quarantined application to overwrite OSA script libraries on the system.

Apple fixed 28 security bugs in total

Apple also released Safari 9.0.3 to fix five security bugs in the WebKit rendering engine that allowed attackers to execute code on the underlying operating system, after tricking the user into accessing a malicious website.

A sixth Safari fix addressed a privacy issue in which websites could learn whether the user had visited a given link in the past.

For iOS, Apple fixed 13 security bugs with the release of iOS version 9.2.1. Twelve of these issues were shared with OS X and Safari, like the ones in the kernel, Disk Images, IOKit, IOHIDFamily, libxslt, and syslog utilities.

The only security bug that was specific to iOS was an issue in WebSheet, which could be exploited by malicious websites to give away the user's cookies.

Between the December 2015 and January 2016 security updates, Apple also patched QuickTime on January 7, with the release of version 7.7.9 that addressed nine security bugs on Windows Vista and Windows 7.

Technical and exploitation details for all these fixes, along with their CVE identifiers, are being kept secret for now, until everyone gets a chance to update their operating systems.