Apple fixed vulnerabilities in its products
Apple has released a set of fixes for its products, updating its OS X El Captain desktop OS, EFI firmware for Mac, iOS 9, and iTunes for Windows. APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002 fix closes one CVE-2015-7035 vulnerability in EFI-firmware for Mac computers, which allowed attackers to compromise one of the functions, causing it to be incorrect.
Another update, APPLE-SA-2015-10-21-1, iOS 9.1 closes 49 different vulnerabilities in iOS. Two closed vulnerabilities (CVE-2015-7015, CVE-2015-6979) are of type Elevation of Privilege and block the effectiveness of using the latest Pangu jailbreak for iOS 9, which was announced just a week ago. For iOS, several other vulnerabilities were also closed, which allowed attackers to execute illegitimate code on a device with system privileges.
')
Update APPLE-SA-2015-10-21-5 iTunes 12.3.1 for iTunes on Windows 7+ closes a number of vulnerabilities that made it possible to launch a MitM-type attack when a user visits the iTunes Store using an application. To update iTunes, use the Apple Software Update application. The application is installed automatically when you install iTunes and, as a rule, is located in the directory C: \ Program Files (x86) \ Apple Software Update.
Fig. Apple Software Update Tool Interface. If an iTunes update is present, it will be shown in the list of updates.
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 fixes a significant number of vulnerabilities in OS X El Capitan. Two El Capitan closed vulnerabilities are similar to their counterparts in Android called Stagefright, vulnerabilities in the Audio component allow attackers to remotely execute code using a specially crafted MP3 file when it is played. Jailbreak vulnerabilities similar to iOS 9 have also been fixed for El Capitan. Multiple vulnerabilities have also been fixed in the FontParser component, which is similar to the infamous Win32k.sys driver in Windows, using vulnerabilities, attackers can remotely execute code in the OS using special font files.
APPLE-SA-2015-10-21-3 update Safari 9.0.1 fixes a number of RCE vulnerabilities in the Safari web browser, using which an attacker can remotely execute code in the system. Updates are addressed to the WebKit engine. The web browser update itself, like other OS X components, is performed using the “Software Update ...” menu. To get the iOS update, go to Settings-> General-> Software Update. You can update iOS using iTunes, see here .
For a list of released updates, see here .
We encourage users to update relevant Apple products.
be secure.
Another update, APPLE-SA-2015-10-21-1, iOS 9.1 closes 49 different vulnerabilities in iOS. Two closed vulnerabilities (CVE-2015-7015, CVE-2015-6979) are of type Elevation of Privilege and block the effectiveness of using the latest Pangu jailbreak for iOS 9, which was announced just a week ago. For iOS, several other vulnerabilities were also closed, which allowed attackers to execute illegitimate code on a device with system privileges.
')
Update APPLE-SA-2015-10-21-5 iTunes 12.3.1 for iTunes on Windows 7+ closes a number of vulnerabilities that made it possible to launch a MitM-type attack when a user visits the iTunes Store using an application. To update iTunes, use the Apple Software Update application. The application is installed automatically when you install iTunes and, as a rule, is located in the directory C: \ Program Files (x86) \ Apple Software Update.
Fig. Apple Software Update Tool Interface. If an iTunes update is present, it will be shown in the list of updates.
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 fixes a significant number of vulnerabilities in OS X El Capitan. Two El Capitan closed vulnerabilities are similar to their counterparts in Android called Stagefright, vulnerabilities in the Audio component allow attackers to remotely execute code using a specially crafted MP3 file when it is played. Jailbreak vulnerabilities similar to iOS 9 have also been fixed for El Capitan. Multiple vulnerabilities have also been fixed in the FontParser component, which is similar to the infamous Win32k.sys driver in Windows, using vulnerabilities, attackers can remotely execute code in the OS using special font files.
APPLE-SA-2015-10-21-3 update Safari 9.0.1 fixes a number of RCE vulnerabilities in the Safari web browser, using which an attacker can remotely execute code in the system. Updates are addressed to the WebKit engine. The web browser update itself, like other OS X components, is performed using the “Software Update ...” menu. To get the iOS update, go to Settings-> General-> Software Update. You can update iOS using iTunes, see here .
For a list of released updates, see here .
We encourage users to update relevant Apple products.
be secure.
Source: https://habr.com/ru/post/269309/
All Articles