Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Apple Patches "Trident" Vulnerabilities in OS X / Safari - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple Patches "Trident" Vulnerabilities in OS X / Safari

About a week ago, Apple patched three vulnerabilities in iOS that had been used in a targeted exploit. This set of vulnerabilities, also known as "Trident," affected WebKit and the iOS kernel. Given the substantial code overlap between iOS and OS X, and in particular the fact that one of the vulnerabilities affected WebKit, it is no surprise that OS X and Safari are vulnerable as well.

Yesterday, Apple released a patch of OS X and Safari to address these issues.

The OS X update, which is only available for El Capitan and Yosemite, fixes the two kernel vulnerabilities. The Safari update which is available for OS X Mavericks and Yosemite (not the latest version, El Capitan), fixes the WebKit vulnerability.

I recommend patching these quickly given that the same vulnerabilities have already been exploited for iOS.

Johannes B. Ullrich, Ph.D.

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022


4479 Posts
ISC Handler
Sep 2nd 2016
I would love to see tools released for OSX and iOS to scan for indicators of compromise; are we closing the stable door after the trojan horse has been wheeled through it?

I guess Apple would need be challenged to create the scanner for iOS as they're the ones with the permissions to do so on non-jailbroken devices. As we would like to think they are..


Sign Up for Free or Log In to start participating in the conversation!