Three must-have updates for all Apple customers

Nov 22, 2014 14:23 GMT  ·  By

A rundown of this week’s software updates from Cupertino, California reveals that Apple has quietly patched a total of 15 flaws in its mobile, desktop, and TV software. These seemingly unimportant updates are actually must-have for users who take security matters seriously.

Released unceremoniously as part of the three major updates deployed this week, the 15 vulnerabilities addressed in Apple’s software are actually important flaws that got overlooked by the media.

Sifting through the advisories

In Apple TV 7.0.2, three holes were closed. One would allow an attacker with a privileged network position to cause “an unexpected application termination or arbitrary code execution.” Another, would theoretically enable a local user “to execute unsigned code,” and yet another would allow a maliciously-crafted app (malware, in short) to “be able to execute arbitrary code with system privileges.”

OS X Yosemite v10.10.1 chalks off four security concerns off the blackboard in areas like CFNetwork, the system-wide search Spotlight feature, System Profiler, and the heart and soul of iTunes and Safari - WebKit. The System Profile bug is important. Apple says that About This Mac included “unnecessary information” as part of a connection to its servers to determine the system model. By removing some cookies from the connection, the issue was successfully addressed.

Lastly, but probably most importantly, iOS 8.1.1 patches twice as more vulnerabilities, eight in total, two of which were actually uncovered by the very team of hackers who coded the Pangu jailbreak for iOS 8. Apple credits them in the advisory titled “About the security content of iOS 8.1.1.”

The first of these two flaws leveraged a state management issue in the handling of Mach-O executable files with overlapping segments. By improving validation of segment sizes, Apple closed the hole. The second one used a validation issue in the handling of metadata fields of IOSharedDataQueue objects, which opened up the OS to hacking. “This issue was addressed through relocation of the metadata,” Apple said.

Low profile

Apple rarely makes a big case out of the security issues addressed in its software, which might make it look as if the company’s doesn’t want to draw attention to the “entry” points to their platforms.

In reality, these disclosures are actually quite visible for parties interested in the security side of Apple devices and their underlying software. Compared to Windows and Android, these 15 flaws addressed by Apple this week are but a mere speck on cybercriminals’ radars.

Photo Gallery (2 Images)

Apple security
Security documentation
Open gallery