Apple has emitted a set of software security updates for all of its major operating systems.
The patches address holes in iOS, macOS, Safari, iCloud for Windows, watchOS, and tvOS.
For iPhone and iPad users, Apple has kicked out iOS 10.2.1, addressing a total of 18 CVE-listed vulnerabilities, including a bug that caused the iPhone's auto-unlock feature to unlock when it shouldn't. You can pair an Apple Watch with an iThing so that, when the smartwatch is being worn and nearby, the handheld will automatically unlock. Unfortunately, a bug allows the auto-lock to unlock even if the watch isn't being worn.
"Auto Unlock may unlock when Apple Watch is off the user's wrist," said Apple in its advisory.
Also patched in the update were two remote code execution flaws in the iOS Kernel and 12 CVE-listed vulnerabilities in WebKit, the browser engine Apple uses for both iOS and Safari.
On the Mac, Apple has issued the macOS Sierra 10.12.3 update to patch a total of 11 CVE-listed vulnerabilities, including three flaws in PHP, a use-after-free vulnerability in the macOS Bluetooth component, and two remote code execution bugs in Kernel.
Mac users are being advised to update Safari to version 10.0.3. That update, which is also being offered for Macs running Yosemite and El Capitan, sports fixes for a total of 12 flaws, 11 in WebKit.
The largest update, in terms of bugs fixed, is watchOS 3.1.3, containing updates for 33 CVE-listed security flaws. These include a hole that left an App's authorization settings on the Watch after an uninstall, the Auto Unlock bug (also addressed in the iOS update), and a denial-of-service error in the Watch's kernel – whose discovery was credited to the UK's National Cyber Security Centre.
For the AppleTV, Cupertino has kicked out tvOS 10.1.1. That release includes fixes for 12 CVE-listed vulnerabilities, nine of them in WebKit. AppleTV owners can get the update through the Software Update tool in the TV's Settings App.
Finally, for those using iCloud for Windows, Apple has posted the 6.1.1 update to address four WebKit flaws present in the Windows client, all of which could potentially be targeted for remote code execution attacks. ®