Windows 10 News and info | Forum
May 30, 2017, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot and Botscout | This forum does not use audio ads, popups, or other annoyances.
 
  Website   Home   Windows 8 Website Windows 8 Forum Help Login Register  
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Apple fixes dozens of security bugs for iPhones, Macs  (Read 30 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 26572


I Do Windows


WWW Email
« on: May 16, 2017, 04:08:11 PM »
ReplyReply

The company released iOS 10.3.2 for iPhones and iPads. It also released macOS 10.12.5.

Apple has squashed dozens of security bugs in its latest releases of its iPhone, iPad, and Mac operating systems.

The Cupertino, Calif.-based company rolled out 23 security fixes in iOS 10.3.2 and another 30 fixes in macOS 10.12.5, both of which were released on Monday.

Among the bugs, two bugs in iBooks for iOS could allow an attacker to arbitrarily open websites and execute malicious code at the kernel level. Over a dozen flaws were found in WebKit, which renders websites and pages on iPhones and iPads, that could allow several kinds of cross-site scripting (XSS) attacks.

A separate flaw in iBooks for macOS desktops and notebooks could allow an application to escape its secure sandbox, a technology used to prevent data loss or theft in the case of an app compromise.

Almost half of the bugs found were attributed to Google's Project Zero, the search giant's in-house vulnerability-finding and security team.

One of the iOS bugs credited to Synack security researcher Patrick Wardle described a kernel flaw in which a malicious application could read restricted memory, such as passwords or hashes.

In a blog post last month, Wardle explained how he found the zero-day flaw following a supposed fix in an earlier version of macOS 10.12. He said that Apple's patch "did not fix the kernel panic" and worse, "introduced a kernel info leak, that could leak sensitive information" that could bypass the operating system's security feature that randomizes the kernel's memory address locations.

In an email, Wardle admitted he "didn't realize it affected iOS too."

Patches are available through the usual automatic update channels.

source
« Last Edit: May 16, 2017, 04:09:59 PM by javajolt » Logged



Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines