It's been a while since we've received an update from Apple regarding security patches. In fact, the last big Apple patch was issued back in January. And, that's one of the reasons why this story is so big.
Yesterday, Apple made the announcement that a series of patches were being issued for nearly all of its operating systems, including OS X, iOS, watchOS and Apple TV's tvOS, as well as fixes for iTunes and Safari.
OS X received a total of 67 updates, bringing the operating system El Capitan to version 10.11.5. The update also resolved the DROWN vulnerability that was first discovered in March. This vulnerability could have allowed attackers to leak user information.
Among the 67 OS X patches, 25 address vulnerabilities that could lead to code execution, including 19 issues that could trigger applications to execute code with kernel privileges. Six more could result in arbitrary code execution or application termination, which primarily stem from flaws in graphic standards and frameworks.
Most of the issues that were addressed exist in El Capitan, Apple's most recent operating system. However, Mavericks 10.9.5 and Yosemite 10.10.5 were also affected. Mavericks had 12 security bugs and Yosemite had 14.
The libxslt is another big issue that was addressed. The vulnerability exists in all three operating systems as well as iOS, tvOS and watchOS. It could lead to code execution if an attacker successfully tricked a user into visiting a malicious site.
Two issues in Messages that are also present in OS X have fixes, including for a scary bug that could allow attackers to modify a user's contact list as well as leak sensitive information. Speaking of iOS, a terrifying lockscreen bypass vulnerability that could allow attackers access to contacts and photos was also remedied.
As far as watchOS and tvOS go, Apple has patches for a handful of issues, many of which were the same as the bugs it patched in iOS and OS X. One issue needs to be fixed in iTunes while Safari has seven. Five of the seven Safari vulnerabilities could lead to code execution that could result in leaking of data.
This is a serious barrage of security patches, and many of them allow hackers to take over your device or steal information. As such, run the updates as soon as you can.
If you need to get these patches, we've rounded up where each patch is located.
- SA-2016-05-16-1: Apple tvOS 9.2.1
- SA-2016-05-16-2: Apple iOS 9.3.2
- SA-2016-05-16-3: Apple watchOS 2.2.1
- SA-2016-05-16-4: OS X 10.11.5 (and Security Update 2016-003)
- SA-2016-05-16-5: Safari 9.1.1
- SA-2016-05-16-6: Apple iTunes 12.4