Security Market Segment LS
Tuesday, 24 January 2017 14:38

Another raft of security updates from Apple Featured

By

Apple has released updates for iOS, macOS and other products to fix a number of security issues.

Given the commonality among macOS, iOS, watchOS and tvOS, it's not surprising that security fixes for each operating system arrive at much the same time.

Overnight, Apple released iOS 10.2.1, macOS 10.12.3, watchOS 3.1.3 and watchOS 10.1.1.

iOS 10.2.1 includes 18 security fixes. A dozen concern WebKit (the framework used by the Safari browser and other applications that render HTML), three others might be exploitable to execute arbitrary code, and one could allow the Auto Unlock function to operate even when the associated Apple Watch had been removed from the user's wrist.

macOS 10.12.3 addresses 12 vulnerabilities, including three in PHP and one in Vim. The others variously allowed maliciously crafted files to execute arbitrary code or obtain information about the memory layout. A solitary WebKit fix blocks a method that websites could exploit to open popups contrary to the user's settings.

More than 30 vulnerabilities have been fixed in watchOS 3.1.3, including the other side of the Auto Unlock issue, an issue that allowed existing files to be overwritten, and a flaw that could allow certificates to be incorrectly treated as trusted.

The dozen vulnerabilities addressed by tvOS 10.1.1 are generally common to one or more of Apple's other operating systems, with eight of them involving the potential for maliciously crafted files or web content to execute malicious code. The others involved issues such as privilege escalation and data exfiltration.

The changes aren't all about security.

macOS Sierra 10.12.3 is said to improve automatic graphics switching on the 15-inch October 2016 MacBook Pro, resolve graphics issues while encoding Adobe Premiere Pro projects on 13in and 15in MacBook Pro with Touch Bar, fix an issue that prevented the searching of scanned PDF documents in Preview and another regarding compatibility of PDF documents exported with encryption enabled, and fix an issue that prevented some third-party applications from correctly importing images from digital cameras.

For enterprise users, it also resolves an issue where network or cached user accounts (eg, Active Directory accounts) using the maxFailedLoginAttempts password policy were becoming disabled.

iTunes 12.5.5 provides "minor app and performance improvements" but there's no mention of security fixes.

New versions of Safari (10.0.3), iCloud for Windows (6.1.1) and iTunes for Windows (12.5.5) also arrived. The two Windows products incorporate certain functionality from Apple's operating systems, and so tend to be updated more or less simultaneously.

Safari 10.0.3 for Yosemite, El Capitan and Sierra provides fixes for 12 vulnerabilities, several of them also seen in one or more of the OS updates. One of the more interesting issues fixed previously allowed malicious websites to spoof the address bar, giving users a false sense of security.

iCloud for Windows 6.1.1 and iTunes for Windows 12.5.5 each include four WebKit fixes for issues that might be exploited to execute arbitrary code.

The updates can be variously obtained via the Mac App Store, Software Update, iTunes, the Apple Downloads page and the iTunes download page.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Stephen Withers

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments