On Monday Apple released a cumulative update to its core operating system that fixes many security vulnerabilities in iPhone, iPad, Mac, Apple Watch and Apple TV.
According to Securitylab, the latest version of OS X Yosemite 10.11.6 eliminates a total of 60 gaps in the various components of the software platform. In particular, the patch improved the security components CFNetwork, coregraphics framework, FaceTime, ImageIO, implementation, OpenSSL, libraries, libxml2 and libxslt, as well as the kernel and graphics drivers.
Among others were eliminated, CVE-2016-4645 component in CFNetwork, which allows an unprivileged application to access the cookies in the Safari browser. Proekspluatirovat this problem, a malicious app could steal the cookies and interact with the sites under the guise of the user. In the case of electronic mail, a malicious application can get access to all the users ‘ emails and sites containing sensitive data, said Zscaler researchers who discovered the vulnerability.
IOS 9.3.3 intended for iPhone, iPad and iPod touch, resolves a total of 43 vulnerabilities, many of which affect OS X. One of the problems is specific to Apple’s mobile platform and allows an attacker with physical access to the iPhone to remember proekspluatirovat virtual assistant Siri to view the private contact information.
In updates iCloud 5.2.1 for Windows and iTunes for Windows 12.4.2 fixed 15 vulnerabilities in libxml2 and libxslt libraries related to memory corruption and the possibility of disclosure of important data.