APPLE SECURITY UPDATE 2017 UPDATE
It also contains a certificate validation issue that cropped up when untrusted certificates were handled.Īpple advises users to update all their software as soon as possible.ĭespite the fact that Apple’s products are targeted by attackers much less often than, let’s say, Microsoft’s Windows or Google’s Android, the recent WannaCry attack has shown how crucial it is to keep up with security updates. The macOS update addresses a total of 37 vulnerabilities, including a certificate validation issue that could allow a malicious network to capture user network credentials, an iBooks flaw that could allow attackers to open arbitrary websites without user permission just by tricking users into opening a maliciously crafted book, and a number of flaws in various components that would allow an app to escape its sandbox or to gain kernel privileges.įinally, the iOS update fixes a combination of all the aforementioned flaws in WebKit, SQLite, iBooks, and other components.
APPLE SECURITY UPDATE 2017 HOW TO
Learn how to update the software on your iPhone, iPad, or iPod touch. The latest version of iOS and iPadOS is 15.3.1. Keeping your software up to date is one of the most important things you can do to maintain your Apple product's security. The watchOS and the tvOS updates fix pretty much the same vulnerabilities, but Apple Watch users also get fixes for many of the aforementioned WebKit flaws, and a WebKit Web Inspector that could allow an application to execute unsigned code.Īmong the flaws fixed in these two updates are also four code execution flaws in the open source SQLite component, which were discovered by Google’s OSS-Fuzz project, as well as a several vulnerabilities that could allow an application to either read restricted memory, or execute arbitrary code with kernel privileges. Get the latest software updates from Apple.
One of these flaws also affects Safari, but the Apple security team fixed also a bucketload of other WebKit memory corruption issues that can be exploited in the same way and lead to either arbitrary code execution or universal cross site scripting. But both of these are critical, as they can be triggered by maliciously crafted web content and could lead to arbitrary code execution. The iTunes and iCloud for Windows updates fix one vulnerability in WebKit each.
It’s time to patch your Mac, iDevices and software again: Apple has released security updates for MacOS (all the way back to Yosemite), iOS, watchOS, tvOS, iTunes, iCloud for Windows, and Safari.