My next class:

Apple Patches Everything

Published: 2015-12-08. Last Updated: 2015-12-08 19:15:30 UTC
by Johannes Ullrich (Version: 1)
2 comment(s)

And to not be outdone by Microsoft and Adobe, Apple just released patches for:

iOS 9.2

    A total of 50 vulnerabilities (CVE IDs) are addressed. About 10 of them affect WebKit and may lead to arbitrary code execution by visiting a malicious website. There are a large number of additional remote code execution vulnerabilities in various iOS components that are patched.

watchOS 2.1

   A lot of overlap with patches released for iOS, but no WebKit issues as watchOS does not include a browser.

XCode 7.2

   Updates to git, otools and IDE SCM. The git update fixes a number of vulnerablities that have been known (and fixed) in the open source software for a while.

  OS X 10.11.2 (and Security Update 2015-008 for Mavericks and Yosemite)

  updates to various open sources packages (libressl, OpenSSH, libxml2 and others). Also improvements to some hardware drivers (e.g. thunderbolt)

Safari 9.0.2

   fixes webkit issues for Yosemite, Mavericks and Ell Capitan

tvOS

   This affects the just released 4th generation Apple TV and addresses similar vulnerabilities as the new version of iOS.

Details can be found as usual here: https://support.apple.com/en-us/HT201222

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords:
2 comment(s)
My next class:

Comments

Can anybody confirm this fixes the bug where notifications sometimes just stop when the screen is locked? Had this happen to myself twice, and a user once.
This update apparently has an issue with MDMs and managed apps. Devices currently enrolled will be unable to download managed apps unless the device is re-enrolled.

Apps already installed will work without issue.

It sounds like the fix will need to come from the MDM side, not Apple.

Diary Archives