Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Apple Releases Updates for iOS, WatchOS, OS X, Safari and iTunes. SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple Releases Updates for iOS, WatchOS, OS X, Safari and iTunes.

Apple published one of it's usual updates for "everything". Below I took a shot at a quick summary. You can find details here

iOS 9.1

49 Vulnerabilities fixed. A number of these affect WebKit and are exploitable via Safari. The update also addresses numerous issues in the FontParser. 

WatchOS 2.0.1

14 Vulnerabilities fixed. CVE-2015-5916 looks like a repeat of what was fixed in WatchOS 2: ApplePay may allow malicious terminals to retrieve a partial transaction history.

Safari 9.0.1

9 Vulnerabilities in WebKit fixed (pretty much the same vulnerabilities fixed in iOS 9.0.1)

iTunes 12.3.1

12 Vulnerabilities fixed, 9 of which affect WebKit which is included in iTunes.


EFI contained unused functions that could be abused. This update removes these unused functions.

Apple OS X 10.11.1

41 Vulnerabilities fixed. Again WebKit and some Fontparser vulnerabilities. This update also addresses issues with open source software included in OS X like php. The Safari 9.0.1 update is included in this update.

I didn't see an update for AppleTV yet, but wouldn't be surprised if it will be released as well. At least the WebKit issues will also affect AppleTV.

Johannes B. Ullrich, Ph.D.

I will be teaching next: Intrusion Detection In-Depth - SANS London October 2021


4246 Posts
ISC Handler
Oct 21st 2015

Sign Up for Free or Log In to start participating in the conversation!