In the time when Windows users are suffering from WnnaCry ransomware, Apple didn’t take rest and took this seriously. Apple users are still safe but there could be a possibility because Apple products are also not immune to the hack.
SO, Apple has pushed software updates for iOS, macOS, Safari, tvOS, iCloud, iTunes, and watchOS to fix 67 of known security vulnerabilities that allowed attackers to perform remote code execution.
Apple’s macOS Sierra 10.12.5 address a total of 37 vulnerabilities including vulnerabilities in iBook that allow the execution of arbitrary code with root privileges. There was also a vulnerability in iBook that allowed an app to escape its secure sandbox.
It also fixed the serious vulnerability that allows malicious network with 802.1X authentication to capture user network credentials. There were many flaws related to Intel and Nvidia graphics drivers, along with arbitrary code execution flaws in SQLite. Mac has pushed the update and you can update your system through the App Store → Updates.
The new iOS 10.3.2 for iPhone, iPad and iPod also fixed 41 security flaws. From these 41, 23 resides in WebKit, 5 were of XSS and 27 remote code execution.
The iOS 10.3.2 also fixed flaws in iBooks that allowed execution of malicious code with root privileges. Other known flaws were issue in AVE Video Encoder and certificate validation issue in the certificate trust policy. The iOS users can go to settings -> General -> Software update to update their computer. One can connect the device to iTunes to update.
Safari 10.1.1 fixes 26 security issues, 23 of which resides in WebKit and many of these are patched in iOS updates. Rest three vulnerabilities are patched in the Safari browser update. Download the latest version of Safari from App store.
If you are using Apple watch, you should also upgrade the watchOS now. It fixes total 12 security vulnerabilities, four of these used by attackers to execute remote code execution on the affected device. To update Watch OS, open Apple Watch app -> my watch tab -> General -> Software update on their iPhone.
The tvOS 10.2.1 update patches a total of 23 vulnerabilities. 12 of these vulnerabilities resides in WebKit engine and allowed an to perform cross-site scripting and remote code execution attacks. To update tvOS, go to Settings -> System -> Update Software.
If you have iTubes and iCloud on your Windows system, you can upgrade both software now. Apple also released patches for iTunes and iCloud. Both iTunes 12.6.1 and iCloud 6.2.1 patches a single remote code execution vulnerability in WebKit for Windows 7 and later.
As I already wrote for everything individually, Patches are available through the usual automatic update channels. Update your platform and apps before hackers start exploiting these known vulnerabilities. Update now to keep yourself safe.
