Apple fixes over 100 security vulnerabilities in El Capitan, iOS and Safari

Apple has released fixes for over 100 security vulnerabilities across iOS 9, Safari and the recently unveiled OS X El Capitan 10.11.

The patches fix a number of security problems in popular applications, including Address Book, Game Centre, Dev Tools, Mail and Terminal.

However, the updates do not appear to address recent concerns about Apple Gatekeeper after flaws were uncovered that can be used to bypass the software to potentially install spyware or remote backdoors.

Apple also published several updates for the Safari browser. These include fixes for a flaw that could lead to interface spoofing if users are directed to a malicious website, a flaw that allowed the creation of unintended cookies for a website, and a vulnerability in safe browsing mode that prevented Safari from recognising a malicious IP.

However, most updates were reserved for El Capitan 10.11, the most recent version of Apple’s Mac operating system.

El Capitan was made available as a free download for Mac users on 30 September and supports Macs introduced in 2009 and later, and some models introduced in 2007 and 2008, running OS X 10.6.8 and above.

One critical update for El Capitan, available for Mac OS X v10.6.8 and later, fixes a flaw in CoreCrypto that could allow an attacker to uncover a user’s private encryption key.

“By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms,” said the Apple advisory.

Meanwhile, another vulnerability patched in El Capitan affects Game Centre and can be used by an attacker to access a user’s email address.

Furthermore, a critical fix was released for iOS 9.0.2 that patched a flaw in Lock Screen which the advisory said could allow “access to photos and contacts on a locked device”.

The update, marked CVE-2015-5923, is now available for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and up.

The updates come after the discovery of XcodeGhost, a form of Apple iOS malware uncovered by Palo Alto Networks.

XcodeGhost is spread via a legitimate developer tool known as Xcode and has forced Apple to comb its official App Store for further infections.

“As soon as we recognised these apps were using potentially malicious code we took them down. Developers are quickly updating their apps for users,” Apple said following the malware disclosure.

“We have removed the apps from the App Store that we know have been created with this counterfeit software and are blocking submissions of new apps that contain this malware from entering the App Store.”

Andrew Avanessian, vice president of security firm Avecto, explained that the perception that Apple software is safe from exploitation is changing.

“For years many Apple users have watched as the Windows community was hit by large numbers of exploits and attacks,” he said.

“Whereas Windows users are used to seeing attacks that bypass features such as user account control and circumvent Windows defences, Mac users are totally unprepared.

“The widespread mentality is that Macs are inherently more secure than their Windows counterparts, but this is simply not true.”

V3 contacted Apple for further comment but had received no response at the time of publication.

3 October 2015 | 8:10 am – Source:

