Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Apple Releases Updates for iOS, WatchOS, OS X, Safari and iTunes. - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple Releases Updates for iOS, WatchOS, OS X, Safari and iTunes.

Apple published one of it's usual updates for "everything". Below I took a shot at a quick summary. You can find details here https://support.apple.com/kb/HT201222

iOS 9.1

49 Vulnerabilities fixed. A number of these affect WebKit and are exploitable via Safari. The update also addresses numerous issues in the FontParser. 

WatchOS 2.0.1

14 Vulnerabilities fixed. CVE-2015-5916 looks like a repeat of what was fixed in WatchOS 2: ApplePay may allow malicious terminals to retrieve a partial transaction history.

Safari 9.0.1

9 Vulnerabilities in WebKit fixed (pretty much the same vulnerabilities fixed in iOS 9.0.1)

iTunes 12.3.1

12 Vulnerabilities fixed, 9 of which affect WebKit which is included in iTunes.

EFI

EFI contained unused functions that could be abused. This update removes these unused functions.

Apple OS X 10.11.1

41 Vulnerabilities fixed. Again WebKit and some Fontparser vulnerabilities. This update also addresses issues with open source software included in OS X like php. The Safari 9.0.1 update is included in this update.

I didn't see an update for AppleTV yet, but wouldn't be surprised if it will be released as well. At least the WebKit issues will also affect AppleTV.

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

I will be teaching next: Defending Web Applications Security Essentials - SANS Munich July 2019

Johannes

3551 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!