Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Apple Patches Everything - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple Patches Everything

And to not be outdone by Microsoft and Adobe, Apple just released patches for:

iOS 9.2

    A total of 50 vulnerabilities (CVE IDs) are addressed. About 10 of them affect WebKit and may lead to arbitrary code execution by visiting a malicious website. There are a large number of additional remote code execution vulnerabilities in various iOS components that are patched.

watchOS 2.1

   A lot of overlap with patches released for iOS, but no WebKit issues as watchOS does not include a browser.

XCode 7.2

   Updates to git, otools and IDE SCM. The git update fixes a number of vulnerablities that have been known (and fixed) in the open source software for a while.

  OS X 10.11.2 (and Security Update 2015-008 for Mavericks and Yosemite)

  updates to various open sources packages (libressl, OpenSSH, libxml2 and others). Also improvements to some hardware drivers (e.g. thunderbolt)

Safari 9.0.2

   fixes webkit issues for Yosemite, Mavericks and Ell Capitan

tvOS

   This affects the just released 4th generation Apple TV and addresses similar vulnerabilities as the new version of iOS.

Details can be found as usual here: https://support.apple.com/en-us/HT201222

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Johannes

3106 Posts
ISC Handler
Can anybody confirm this fixes the bug where notifications sometimes just stop when the screen is locked? Had this happen to myself twice, and a user once.
Anonymous

Posts
This update apparently has an issue with MDMs and managed apps. Devices currently enrolled will be unable to download managed apps unless the device is re-enrolled.

Apps already installed will work without issue.

It sounds like the fix will need to come from the MDM side, not Apple.
Anonymous

Posts

Sign Up for Free or Log In to start participating in the conversation!