Log in or Sign up

Apple security updates

Discussion in 'other security issues & news' started by ronjor, Sep 18, 2014.

Page 1 of 11

ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

This document outlines security updates for Apple products.

Xcode 6.0.1 OS X Mavericks v10.9.4 or later 17 Sept 2014

Apple TV 7 Apple TV 3rd generation and later 17 Sept 2014

iOS 8 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 17 Sept 2014
Click to expand...

http://support.apple.com/kb/HT1222

ronjor, Sep 18, 2014

#1
siljaline Registered Member

Joined:

Jun 29, 2003

Posts:

6,618

About the security content of iOS 8 | This document describes the security content of iOS 8.
http://support.apple.com/kb/HT6441

siljaline, Sep 19, 2014

#2
siljaline Registered Member

Joined:

Jun 29, 2003

Posts:

6,618

Siri Lets Anyone Bypass Your iPhone's Lockscreen -- Feature or Bug?
http://www.forbes.com/sites/kashmir...ypass-your-iphones-lockscreen-feature-or-bug/

siljaline, Sep 21, 2014

#3
siljaline Registered Member

Joined:

Jun 29, 2003

Posts:

6,618

Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack

Apple’s shiny new iPhone 6 can be spoofed with the same fake fingerprints that tricked its older sibling, the iPhone 5S.
That's according to mobile security firm Lookout, which said it discovered that it is possible to create a fake fingerprint that's capable of fooling the TouchID fingerprint sensor of the latest iPhones (6 and 6 Plus are apparently equally vulnerable).
Click to expand...

http://www.theregister.co.uk/2014/09/23/iphone_6_still_vulnerable_to_touchid_fingerprint_hack/

siljaline, Sep 23, 2014

#4
siljaline Registered Member

Joined:

Jun 29, 2003

Posts:

6,618

Loss of cellular service or ability to use Touch ID after updating to iOS 8.0.1 on iPhone 6 or iPhone 6 Plus
• This is a proposed Apple workaround and not a fix •
http://support.apple.com/kb/HT6487

siljaline, Sep 25, 2014

#5
siljaline Registered Member

Joined:

Jun 29, 2003

Posts:

6,618

iPhone owners rip Apple over botched iOS update

iPhone owners are angry. Really really angry.
"In my 25 years of using Apple products I have never experienced such a complete lack of attention to detail from them," said someone identified only as Dillinger in one of several hundred messages on an Apple support discussion thread. [...]
Click to expand...

http://www.networkworld.com/article...owners-rip-apple-over-botched-ios-update.html

siljaline, Sep 26, 2014

#6
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

Apple patches “Shellshock” Bash bug in OS X 10.9, 10.8, and 10.7
Fixes Bash bug discovered last week that's already been seen in the wild.

by Andrew Cunningham - Sept 29 2014, 6:00pm CST
Click to expand...

http://arstechnica.com/apple/2014/09/apple-patches-shellshock-bash-bug-in-os-x-10-9-10-8-and-10-7/

ronjor, Sep 29, 2014

#7
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

Apple updates XProtect to kill iWorm botnet threat
Posted on 06.10.2014

Zeijka Zorz

Apple has released an update for its XProtect anti-malware system which makes it detect three different version of the iWorm OS backdoor malware discovered last week by AV specialists from Dr. Web.
Click to expand...

http://www.net-security.org/malware_news.php?id=2878

ronjor, Oct 6, 2014

#8
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

Obtaining OS X

Information about obtaining OS X (client) can be found here. Information about obtaining OS X Server can be found here.
Click to expand...

http://support.apple.com/kb/HT1222

ronjor, Oct 18, 2014

#9
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

OS X Yosemite: List of available trusted root certificates
Click to expand...

http://support.apple.com/kb/HT6005

ronjor, Oct 18, 2014

#10
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

Apple security updates 20 Oct 2014

This document outlines security updates for Apple products.

Apple TV 3rd generation and later 20 Oct 2014
iOS 8.1 iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later 20 Oct 2014
iTunes 12.0.1 Windows 8, Windows 7, Vista, XP SP2 or later 16 Oct 2014
OS X Server v2.2.5 OS X Mountain Lion v10.8.5 16 Oct 2014
OS X Server v3.2.2 OS X Mavericks v10.9.5 or later 16 Oct 2014
OS X Server v4.0 OS X Yosemite v10.10 16 Oct 2014
Security Update 2014-005 OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 16 Oct 2014
OS X Yosemite v10.10 Mac OS X v10.6.8 and later 16 Oct 2014
Click to expand...

https://support.apple.com/kb/HT1222

ronjor, Oct 20, 2014

#11
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

Apple TV 7.0.2 17 Nov 2014
OS X Yosemite v10.10.1 17 Nov 2014
iOS 8.1.1 17 Nov 2014
Click to expand...

http://support.apple.com/en-us/HT1222

ronjor, Nov 18, 2014

#12
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

by Michael Mimoso

Apple last night for the first time pushed an automated patch to Mac OS X users, taking care of critical Network Time Protocol (NTP) vulnerabilities.
Click to expand...

http://threatpost.com/apple-patches-ntp-vulnerabilities-in-first-automated-patch/110090

ronjor, Dec 23, 2014

#13
siljaline Registered Member

Joined:

Jun 29, 2003

Posts:

6,618

The Apple support link - in case anyone missed it.
http://support.apple.com/en-us/HT6601

Also from Reuters -
Apple pushes first ever automated security update to Mac users
http://www.reuters.com/article/2014/12/23/us-apple-cybersecurity-idUSKBN0K108W20141223

siljaline, Dec 24, 2014

#14
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

New OS X Yosemite version fixes critical security issues, including Thunderstrike
Posted on 28 January 2015.

Apple has released the latest version of OS X Yosemite (v10.10.2) and the first security update (2015-001) for this year, and among the problems fixed is one affecting the CPU software, allowing malicious Thunderbolt devices to modify the host firmware if connected during an EFI update.
Click to expand...

http://www.net-security.org/secworld.php?id=17884

About the OS X Yosemite v10.10.2 Update

ronjor, Jan 28, 2015

#15
siljaline Registered Member

Joined:

Jun 29, 2003

Posts:

6,618

About the security content of OS X Yosemite v10.10.2 and Security Update 2015-001
http://support.apple.com/en-us/HT204244

siljaline, Jan 28, 2015

#16
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

By Eduard Kovacs on March 18, 2015

Apple announced on Tuesday that is has addressed multiple security holes with the release of Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4.
Click to expand...

http://www.securityweek.com/apple-fixes-webkit-vulnerabilities-release-safari-804

ronjor, Mar 18, 2015

#17
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

Apple security updates 08 Apr 2015

This document describes recent updates and releases.
Click to expand...

https://support.apple.com/en-us/HT201222

ronjor, Apr 8, 2015

#18
mirimir Registered Member

Joined:

Oct 1, 2011

Posts:

9,252

The Admin framework in Apple OS X contains a hidden backdoor API to root privileges. It’s been there for several years (at least since 2011), I found it in October 2014 and it can be exploited to escalate privileges to root from any user account in the system.

The intention was probably to serve the “System Preferences” app and systemsetup (command-line tool), but any user process can use the same functionality.

Apple has now released OS X 10.10.3 where the issue is resolved. OS X 10.9.x and older remain vulnerable, since Apple decided not to patch these versions. We recommend that all users upgrade to 10.10.3.
Click to expand...

https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/

mirimir, Apr 9, 2015

#19
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

Yosemite 10.10.3 breaks some applications and HTTPS sites

By Martin Heller

On the other hand, users and software developers alike expect minor version upgrades to fix bugs and introduce only new features that don't break stuff. But that's not the case with Yosemite 10.10.3, which broke a number of HTTPS websites, Web services, and applications that download content from those sites and services.
Click to expand...

http://www.infoworld.com/article/29...breaks-some-applications-and-https-sites.html

ronjor, Apr 17, 2015

#20
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

Failed Apple Rootpipe Fix Leaves Backdoor On All Macs, Researchers Claim

4/19/2015 Thomas Fox-Brewster
Forbes Staff

Patrick Wardle, a former NSA staffer who now heads up research at security firm Synack, said he was on a flight when he discovered he was still able to exploit the Rootpipe vulnerability, which essentially opened up a path to the highest privilege level, known as root access.
Click to expand...

http://www.forbes.com/sites/thomasbrewster/2015/04/19/apple-fails-to-patch-rootpipe/

ronjor, Apr 21, 2015

#21
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

Apple releases tons of security updates for recent flaws and exploits

Glenn Fleishman (Macworld.com) on 01 July, 2015 10:53

You can find the full list of security issues on pages for iOS 8.4 and OS X 10.10.4, which also includes items in Security Update 2015-005 for older OS X releases.
Click to expand...

http://www.cso.com.au/article/578734/apple-releases-tons-security-updates-recent-flaws-exploits/

https://support.apple.com/en-us/HT204941

https://support.apple.com/en-us/HT204942

ronjor, Jul 1, 2015

#22
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

Adobe Flash Player updates address a recently identified Adobe Flash Player web plug-in vulnerability.
Click to expand...

https://support.apple.com/en-us/HT202681

ronjor, Jul 11, 2015

#23
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

This document outlines security updates for Apple products.

For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

This document describes recent updates and releases.
Click to expand...

https://support.apple.com/en-us/HT201222

ronjor, Aug 13, 2015

#24
ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

131,417

Location:

Texas

QuickTime 7.7.8
QuickTime
Available for: Windows 7 and Windows Vista
Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.
Click to expand...

https://support.apple.com/en-us/HT205046

ronjor, Aug 23, 2015

#25

(You must log in or sign up to reply here.)

Page 1 of 11

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn More...