Apple Releases OS X and iOS Security Updates
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Apple Announces OS X and iOS Security Updates

Apple iOS and OS X security updates
Written By
Sean Michael Kerner
Sean Michael Kerner
Jul 19, 2016
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Apple released security updates for iOS and OS X on July 18, ahead of major news releases for Apple’s desktop and mobile operating systems in the fall.

The OS X 10.11.6 update patches 60 security vulnerabilities while iOS 9.3.3 fixes 43 security issues. The new updates follows the OS X 10.11.5 and iOS 9.3.2 release in May.

Among the most prolific sources of vulnerability reports for the two Apple updates is security vendor Trend Micro, which reported 10 vulnerabilities in OS X. Trend Micro is credited with reporting four vulnerabilities in iOS: CVE-2016-1864, CVE-2016-4622, CVE-2016-4627 and CVE-2016-4628.

CVE-2016-1864 affects iOS and OS X and is a kernel-related vulnerability that could have enabled a local user to execute arbitrary code with kernel privileges. Apple is fixing two additional similar vulnerabilities in the iOS and OS X kernel that are identified as CVE-2016-1863 and CVE-2016-4582.

Another flaw affecting both iOS and OS X is CVE-2016-4635 in the Facetime messaging application. “An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated,” Apple warned in its advisory.

In the iOS 9.3.3 update is a fix for a vulnerability identified as CVE-2016-4605 in the Apple Calendar app that was reported by Dr. Henry Feldman, MD, at Beth Israel Deaconess Medical Center.

“A maliciously crafted calendar invite may cause a device to unexpectedly restart,” Apple warned in its advisory.

On OS X, Apple is patching for a persistent cookie vulnerability that was reported by Abhinav Bansal from security firm Zscaler. The issue, identified by Apple as CVE-2016-4645, is a vulnerability in the CFNetwork component that provides network protocol abstractions.

“Zscaler discovered a vulnerability in Apple’s recent OS X version (El Capitan), which enabled applications that did not have the appropriate privileges to access cookies stored in the Safari browser,” Bansal wrote in a blog post. “This access could result in a malicious application lifting all the persistent cookies for a given user and accessing sites posing as that user.”

The next major updates for iOS and OS X are currently in beta, with iOS 10 and the newly rebranded MacOS Sierra.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Sean Michael Kerner
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information