
SANS ISC: Apple Patches for iOS, OS X and Apple TV SANS ISC InfoSec Forums

Apple Patches for iOS, OS X and Apple TV

With yesterday's updates for iOS, OS X and Apple TV, Apple also addressed a number of security vulnerabilities, most notably the "FREAK" vulnerability. After updating, the affected operating systems no longer support export-grade ciphers. However, Apple browsers continue to support SSLv3 and, as a result, remain vulnerable to POODLE.

Quick Summary of the security content of Apple's updates:

Xcode 6.2: This update addresses 4 vulnerabilities in Subversion and 1 in Git.

OS X: 5 vulnerabilities, the most serious of which is likely a code execution vulnerability in Keychain.

Apple TV: 3 vulnerabilities, one of which would allow an attacker to write files to the system if the user mounts a corrupt disk image.

iOS: 6 vulnerabilities. In addition to FREAK and the above-mentioned Keychain problem, the update patches a vulnerability that allows an attacker with physical access to the device to see the home screen on a locked device.

For details from Apple, see

Johannes B. Ullrich, Ph.D.


ISC Handler
Mar 10th 2015
