October 22, 2015 at 12:29Apple fixed vulnerabilities in its products
Apple has released a patch set for its products by updating its desktop OS OS X El Captain, EFI firmware for Mac, iOS 9, and iTunes for Windows. Update APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002 closes one vulnerability CVE-2015-7035 in the EFI-firmware for Mac computers, which allowed attackers to compromise one of the functions, causing it to be incorrect.
Another update APPLE-SA-2015-10-21-1 iOS 9.1closes 49 different vulnerabilities in iOS. Two closed vulnerabilities (CVE-2015-7015, CVE-2015-6979) are of the Elevation of Privilege type and block the efficiency of using the latest Pangu jailbreak for iOS 9, which was announced just a week ago. For iOS, several other vulnerabilities were also closed that allowed attackers to execute illegitimate code on a device with system privileges.
Update APPLE-SA-2015-10-21-5 iTunes 12.3.1for iTunes on Windows 7+ closes a number of vulnerabilities that made it possible to carry out an attack like MitM when a user visited the iTunes Store using the application. To update iTunes, use the Apple Software Update application. The application is installed automatically during the installation of iTunes and, as a rule, is located in the C: \ Program Files (x86) \ Apple Software Update directory.
Fig. The interface of the Apple Software Update tool. If an iTunes update is present, it will be shown in the list of updates.
Update APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007closes a significant number of vulnerabilities in OS X El Capitan. Two vulnerabilities closed for El Capitan are similar to their counterparts in Android called Stagefright, vulnerabilities in the Audio component allow attackers to remotely execute code using a specially crafted MP3 file when it is played. Similar to iOS 9, jailbreak vulnerabilities have also been fixed for El Capitan. Numerous vulnerabilities have also been fixed in the FontParser component, which is similar to the notorious Win32k.sys driver in Windows, using vulnerabilities, attackers can remotely execute code in the OS using special font files.
Update APPLE-SA-2015-10-21-3 Safari 9.0.1fixes a number of RCE vulnerabilities in the Safari web browser, with the help of which an attacker could remotely execute code on the system. Updates are addressed to the WebKit engine. The update of the web browser itself, as well as other components of OS X, is performed using the menu "Software Update ...". To receive an iOS update, go to Settings-> General-> Software Update. You can also update iOS using iTunes, see here .
See the list of released updates here .
We recommend that users update their Apple products.
be secure.
Another update APPLE-SA-2015-10-21-1 iOS 9.1closes 49 different vulnerabilities in iOS. Two closed vulnerabilities (CVE-2015-7015, CVE-2015-6979) are of the Elevation of Privilege type and block the efficiency of using the latest Pangu jailbreak for iOS 9, which was announced just a week ago. For iOS, several other vulnerabilities were also closed that allowed attackers to execute illegitimate code on a device with system privileges.
Update APPLE-SA-2015-10-21-5 iTunes 12.3.1for iTunes on Windows 7+ closes a number of vulnerabilities that made it possible to carry out an attack like MitM when a user visited the iTunes Store using the application. To update iTunes, use the Apple Software Update application. The application is installed automatically during the installation of iTunes and, as a rule, is located in the C: \ Program Files (x86) \ Apple Software Update directory.
Fig. The interface of the Apple Software Update tool. If an iTunes update is present, it will be shown in the list of updates.
Update APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007closes a significant number of vulnerabilities in OS X El Capitan. Two vulnerabilities closed for El Capitan are similar to their counterparts in Android called Stagefright, vulnerabilities in the Audio component allow attackers to remotely execute code using a specially crafted MP3 file when it is played. Similar to iOS 9, jailbreak vulnerabilities have also been fixed for El Capitan. Numerous vulnerabilities have also been fixed in the FontParser component, which is similar to the notorious Win32k.sys driver in Windows, using vulnerabilities, attackers can remotely execute code in the OS using special font files.
Update APPLE-SA-2015-10-21-3 Safari 9.0.1fixes a number of RCE vulnerabilities in the Safari web browser, with the help of which an attacker could remotely execute code on the system. Updates are addressed to the WebKit engine. The update of the web browser itself, as well as other components of OS X, is performed using the menu "Software Update ...". To receive an iOS update, go to Settings-> General-> Software Update. You can also update iOS using iTunes, see here .
See the list of released updates here .
We recommend that users update their Apple products.
be secure.