Patch/Configuration Management, Vulnerability Management

Apple issues updates for almost all its products

Anyone owning an Apple device probably needs to patch it.

Apple pushed out an Adobe-like number of updates for a broad range of its products, many of which patch issues that could lead to remote code execution.

The updates released on January 23 cover iTunes 12.5.5 for Windows, Safari, 10.0.3, iCloud for Windows 6.1.1, macOS Sierra 10.12.3, iOS 10.2.1, tvOS 10.1.1 and watchOS 3.1.3, Apple reported.

The iTunes patch fixes multiple memory corruption issues by improving memory handling. If left unpatched this could lead to arbitrary code execution. The iCloud problems also center on memory corruption and initialization problems that can lead to arbitrary code execution.

The Safari 10.0.3 vulnerabilities covers Safari and Webkit. These include a state management issue in the address bar that if left unfixed and the user visited a malicious website could lead to address bar spoofing. Other flaws discovered include address memory corruption and initialization problems that can lead to arbitrary code execution multiple validations issues that could have led to data exfiltration if the user processed maliciously crafted web content.

Apple's iCloud vulnerabilities all fix issues that could lead to arbitrary code execution, including memory corruption and initialization problems that were addressed through improved input validation and memory handling.

The macOS Sierra 10.12.3 flaws cover a variety of problems with Apache_mod_php, Bluetooth, graphics drivers, help viewer, IOAudiofamily, kernel, libarchive and Vim. The Bluetooth, graphic drivers, Viewer, kernel, libarchive and Vim issues can all lead to arbitrary code execution if left unpatched.

The iOS 10.2.1 has six vulnerabilities that could lead to arbitrary code execution in kernel, libarchive and three in webkit. Others dealt with the auto unlock feature on the Apple Watch unlocking without instruction, problems with the contact list and Wi-Fi on the iPhone 5 and later and iPad.

The tvOS only had one issue leading to arbitrary code execution, in WebKit with Apple TV (4th generation) where memory corruption issues could lead to code execution if a maliciously crafted web content were processed.  

The final update covers watchOS 3.1.3 but contains the most issues that could lead to arbitrary code execution with 17 of the 31 flaws listed. The areas that include these flaws include audio, CoreFoundation, Coretext, Disk Images, FontParser, kernel, icu, IOHIDFamily, libarchive, profiles and WebKit,

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds