Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Apple Releases Updates for iOS, WatchOS, OS X, Safari and iTunes.

Published: 2015-10-21
Last Updated: 2015-10-21 19:42:06 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Apple published one of it's usual updates for "everything". Below I took a shot at a quick summary. You can find details here https://support.apple.com/kb/HT201222

iOS 9.1

49 Vulnerabilities fixed. A number of these affect WebKit and are exploitable via Safari. The update also addresses numerous issues in the FontParser. 

WatchOS 2.0.1

14 Vulnerabilities fixed. CVE-2015-5916 looks like a repeat of what was fixed in WatchOS 2: ApplePay may allow malicious terminals to retrieve a partial transaction history.

Safari 9.0.1

9 Vulnerabilities in WebKit fixed (pretty much the same vulnerabilities fixed in iOS 9.0.1)

iTunes 12.3.1

12 Vulnerabilities fixed, 9 of which affect WebKit which is included in iTunes.

EFI

EFI contained unused functions that could be abused. This update removes these unused functions.

Apple OS X 10.11.1

41 Vulnerabilities fixed. Again WebKit and some Fontparser vulnerabilities. This update also addresses issues with open source software included in OS X like php. The Safari 9.0.1 update is included in this update.

I didn't see an update for AppleTV yet, but wouldn't be surprised if it will be released as well. At least the WebKit issues will also affect AppleTV.

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords:
0 comment(s)
Diary Archives