Apple kills eavesdrop bug in FaceTime
Flaws also squashed in Safari, iTunes and iOS
Apple has released a bundle of patches to fix security holes in OS X, iOS, iTunes and Safari.
The bevy of updates also includes fixes for a number of issues in Apple's iCloud and iTunes for Windows software.
Among the most startling vulnerabilities addressed in the updates is a man-in-the-middle flaw discovered in FaceTime by researcher Martin Vigo. That flaw, CVE-2016-4635, would allow an attacker who had access to network traffic to eavesdrop on the audio portion of FaceTime calls even after the user had been told a call had ended.
"User interface inconsistencies existed in the handling of relayed calls," Apple said.
"These issues were addressed through improved FaceTime display logic."
Other updates include fixes for six remote code execution vulnerabilities in OpenSSL, seven remote code flaws in QuickTime, and nine CVE-listed flaws in the WebKit browser engine that would allow remote code execution, data disclosure, and denial of service attacks.
Windows users, meanwhile, should check their PCs for updates to iTunes and iCloud. The iTunes for Windows 12.4.2 release addresses 15 different CVE-listed flaws in libxml and libxslt, while iCloud for Windows 5.2.1 fixes those same flaws in the cloud software clients.
Users can download the patches from Apple through the Software Update tool in OS X, iOS, or Windows. The watchOS can be downloaded and installed through iOS, while the tvOS update can be downloaded through the AppleTV "update software" screen. ®