Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Got an Apple Mac, iThing? Update it right now – there's a shedload of security holes fixed

OS X, iOS, watchOS, iTunes for Windows all get bug fixes

Apple has posted security updates and feature improvements for its desktop, mobile, and developer gear.

The Cupertino giant today issued updates for iOS, OS X, and watchOS, plus iTunes on Windows, Safari on OS X, and Mac firmware.

The OS X El Capitan update also "improves compatibility with Microsoft Office 2016," so if you've been having crashes with Redmond's productivity suite, this upgrade should be the fix you've been waiting for.

Here are the security bugs that have been patched today:

iOS 9.1

iOS 9.1 patches 49 CVE-listed security vulnerabilities, including flaws that can be exploited to remotely execute code on an iOS device via a maliciously crafted webpage, application, archive, or font file.

The update also includes nine fixes for security vulnerabilities in WebKit, four in ImageIO, and three in the iOS kernel. It kills the flaws exploited by the Pangu jailbreak tool, too.

The new iOS build also improves the Live Photos feature, and installs dozens of new emojis, if that's your thing.

OS X 10.11.1, aka El Capitan

Meanwhile, OS X El Capitan has been updated to version 10.11.1, which includes security fixes for 60 CVE-listed flaws. Bugs have been squashed in PHP, FontParser, ImageIO, and OpenGL. Apple also released a security update for OS X 10.9.5 Mavericks, addressing a vulnerability in the EFI firmware.

OS X El Capitan, Yosemite, and Mavericks fans should update their copies of Safari: the latest build addresses nine CVE-listed vulnerabilities in WebKit that can be exploited by malicious webpages to potentially hijack the computer.

According to Apple, the OS X 10.11.1 update also:

  • Improves installer reliability when upgrading to OS X El Capitan.
  • Improves compatibility with Microsoft Office 2016.
  • Fixes an issue where outgoing server information may be missing from Mail.
  • Resolves an issue that prevented display of messages and mailboxes in Mail.
  • Resolves an issue that prevents certain Audio Unit plug-ins from functioning properly.
  • Improves VoiceOver reliability.
  • Adds over 150 new emoji characters with full Unicode 7.0 and 8.0 support.
  • Resolves an issue that caused JPEG images to appear as a gray or green box in Preview.

iTunes for Windows, watchOS and Xcode

Apple has published version 12.3.1 of iTunes for Windows that addresses 12 CVE-listed flaws involving a man-in-the-middle vulnerability related to WebKit, and a remote-code execution vulnerability that could allow a text file to exploit programming blunders.

Watch owners should update their prized arm-tablets to watchOS version 2.0.1. That update fixes 14 CVE-listed flaws, including a vulnerability in Apple Pay allowing terminals to retrieve transaction history and a pack of remote code execution flaws in ImageIO.

Even Apple's Xcode developer platform got on board the Wednesday update train. The Xcode 7.1 release addresses a type conversion issue with Swift programs.

Get patching before miscreants start exploiting these holes. ®

 

Similar topics

TIP US OFF

Send us news


Other stories you might like