Apple Patches for iOS, OS X and Apple TV - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Johannes Ullrich

Threat Level: green

Apple Patches for iOS, OS X and Apple TV
With yesterday's updates for iOS, OS X and Apple TV, Apple also addressed a number of security vulnerabilities, most notably the "Freak" vulnerability. After updating, the affected operating systems no longer support export quality ciphers. However, Apple browsers continue to support SSLv3 and as a result, continue to be vulnerable to POODLE. Quick Summary of the security content of Apple's updates: XCode 6.2: This update addresses 4 vulnerabilities in subversion and 1 in git. OS X: 5 vulnerabilities. The most serious of which is likely a code execution vulnerability in Keychain. Apple TV: 3 vulnerabilities. One of which would allow an attacker to write files to the system if the user mounts a corrupt disk image. iOS: 6 vulnerabilities. In addition to FREAK and the above mentioned Keychain problem, a vulnerability that allows an attacker with physical access to the device to see the home screen on a locked devices is patched. For details from Apple, see https://support.apple.com/en-us/HT1222 --- Johannes B. Ullrich, Ph.D. STI\|Twitter\|LinkedIn I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS San Francisco Winter 2022	Johannes 4600 Posts ISC Handler Mar 10th 2015
Thread locked Subscribe	Mar 10th 2015 7 years ago