Apple has released updates for its iOS and macOS operating systems, patching a series of critical security vulnerabilities along with other bugs. Here’s what you need to know.
Among the bugs that were patched were two kernel level critical vulnerabilities discovered by Ian Beer from Google’s Project Zero that affected both iOS and macOS Sierra:
CVE-2017-2370 is a buffer overflow vulnerability that could potentially let a dodgy application execute arbitrary code with kernel privileges. CVE-2017-2360 also allowed for arbitrary code execution through a ‘use after free’ flaw, a form of memory corruption bug.
Another critical vulnerability that affected both the mobile and desktop operating systems is CVE-2016-8687, a libarchive buffer overflow bug that could lead to remote code execution through unpacking of a maliciously crafted archive, according to Apple.
Other vulnerabilities on iOS that were patched mainly involved WebKit, the web browser engine used by Safari, Apple’s App Store, and other macOS, iOS and Linux applications.
On macOS there were a few bugs that allowed for arbitrary code execution, some with kernel privileges.
You can find out more through Apple’s security patch notes for iOS 10.2.1 and macOS Sierra 10.12.3.
Considering how serious some of these security vulnerabilities are, it’s advised that iOS and macOS Sierra users apply the updates as soon as possible.
[Apple via Threatpost]
Comments