Apple Announces OS X and iOS Security Updates

Fixing security glitches, Apple's OS X 10.11.6 and iOS 9.3.3 came out ahead of the company's major product announcements expected next fall.

Apple released security updates for iOS and OS X on July 18, ahead of major news releases for Apple's desktop and mobile operating systems in the fall.

The OS X 10.11.6 update patches 60 security vulnerabilities while iOS 9.3.3 fixes 43 security issues. The new updates follow the OS X 10.11.5 and iOS 9.3.2 releases in May.

Among the most prolific sources of vulnerability reports for the two Apple updates is security vendor Trend Micro, which reported 10 vulnerabilities in OS X. Trend Micro is credited with reporting four vulnerabilities in iOS: CVE-2016-1864, CVE-2016-4622, CVE-2016-4627 and CVE-2016-4628.

CVE-2016-1864 affects iOS and OS X and is a kernel-related vulnerability that could have enabled a local user to execute arbitrary code with kernel privileges. Apple is fixing two additional similar vulnerabilities in the iOS and OS X kernel that are identified as CVE-2016-1863 and CVE-2016-4582.

Another flaw affecting both iOS and OS X is CVE-2016-4635 in the FaceTime messaging application. "An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated," Apple warned in its advisory.

The iOS 9.3.3 update includes a fix for a vulnerability identified as CVE-2016-4605 in the Apple Calendar app that was reported by Dr. Henry Feldman, MD, at Beth Israel Deaconess Medical Center.

"A maliciously crafted calendar invite may cause a device to unexpectedly restart," Apple warned in its advisory.

On OS X, Apple is patching a persistent cookie vulnerability that was reported by Abhinav Bansal from security firm Zscaler. The issue, identified by Apple as CVE-2016-4645, is a vulnerability in the CFNetwork component that provides network protocol abstractions.

"Zscaler discovered a vulnerability in Apple's recent OS X version (El Capitan), which enabled applications that did not have the appropriate privileges to access cookies stored in the Safari browser," Bansal wrote in a blog post. "This access could result in a malicious application lifting all the persistent cookies for a given user and accessing sites posing as that user."

The next major updates for iOS and OS X, iOS 10 and the newly rebranded macOS Sierra, are currently in beta.

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.