Tech giant Apple released multiple security upgrades yesterday for its iOS, watchOS, tvOS, and macOS systems, addressing dozens of security bugs across its devices. The iOS update fixes 41 security flaws, including some that could potentially allow a remote attacker to execute malicious code on an Apple mobile device.
The update seems to be well-timed, as most of the world is still reeling from the latest ransomeware pandemic that has been racing across the globe since late last week. While the ransomeware attack targets Windows systems, Mac users are likely to feel a little safer knowing they have the most recent security patches installed.
Mostly Security Fixes
Apple attributed almost half of the bug discoveries to Project Zero, Google's internal security and bug-hunting initiative. The most significant patch Apple released yesterday is for the macOS. The update includes several fixes to the operating systems kernel, some of which address security vulnerabilities that would allow an application to gain access to kernel privileges as well as execute arbitrary code with kernel privileges.
The iBooks application received several fixes for bugs that would have, among other things, allowed a maliciously crafted book to open Web sites on its own without user permission. Meanwhile SQLite, a relational database management system, received four separate patches for issues that could have given an attacker remote access to a user's device.
Apple's mobile operating system, iOS, also received a major security upgrade. Several of the fixes relate to similar problems as those addressed in the macOS patch, such as the SQLite vulnerabilities, and kernel and iBooks bugs. Another major component of the OS that was patched was WebKit, a component that helps power the Safari browser.
No New Functionality, But Some Glitches Fixed
The watchOS update includes improvements and bug fixes while the tvOS update provides bug fixes and other enhancements to the fourth-generation Apple TV.
WebKit received a whopping eight patches, including several that would have permitted hackers to attack a user's device through malicious Web content. The upgrade also changes the way Wi-Fi network credentials are handled to prevent having a person's username and password stolen when accessing a malicious hotspot.
The security fixes will likely be the foremost in users’ minds as they rush to update their devices, but they are not the only changes Apple rolled out yesterday. While the upgrades do not appear to include any major new functionality, they do address several performance issues that should make the user experience a bit more pleasant.
On the Macintosh platform that includes a fix for the problem where audio may stutter when played through USB headphones. The update fixes an issue affecting some enterprise and education clients that may cause the system date to be set to 2040, and also prevents a potential kernel panic from occurring when starting up from a NetInstall image. All of the updates can be downloaded over the air.
Image credit: iStock/Artist's concept.
Posted: 2017-05-16 @ 5:07pm PT
@Patricia: Those calls are NOT legit. Scammers call unsuspecting Apple users, telling them their iCloud account has been hacked. The caller claims to be from Apple's Support team, but is just trying to hack your account. DO NOT give out any info. You are smart to be cautious and concerned.
Posted: 2017-05-16 @ 5:02pm PT
@Patricia: They are probably not legitimate calls.
Posted: 2017-05-16 @ 4:59pm PT
I have received 3 phone calls regarding apple security but have not responded to them. Are these calls the real thing or am I being hoodwinked?