iTnews

Apple plugs large number of security holes in iOS 9.2

By Juha Saarinen on Dec 9, 2015 10:26AM
Apple plugs large number of security holes in iOS 9.2

OS X, watchOS, tvOS and Xcode vulnerabilities also patched.

Apple today released a substantial update for its iOS mobile operating system, containing bug fixes and multiple patches for remotely exploitable vulnerabilities.

No fewer than 50 security flaws are patched in iOS 9.2, 19 of which permitted local and remote execution of arbitrary code without user interaction.

The zlib file compression library, CoreMedia Playback media utility, libarchive archival utility and the OpenGL 2D and 3D graphics platform all allowed maliciously crafted websites to run arbitrary code on victims' systems, Apple said in its security advisory.

Ten flaws in the WebKit rendering engine, used by Apple's Safari web browser and the company's App Store and other iOS and OS X applications could be abused in a similar manner.

Safari itself was vulnerable to URL link spoofing, which could be used to trick users into thinking they were visiting a specific site, when in fact they had been lured elsewhere.

The DYLD dynamic linker, which was hit by a zero-day exploit in August this year, was once again patched after Apple and the PanguTeam jailbreakers discovered malicious applications could abuse multiple segment validation flaws to run arbitrary code on victims' systems.

Today's updates are for Apple iPhone 4s and later models, fifth generation iPod Touch and beyond, and iPad 2 and newer.

A total of 54 security flaws were patched with the 10.11.2 update for Apple's OS X desktop operating system; the update for OS X incorporates security patches for components shared with iOS. 

Of the OS X vulnerabilities, 24 could be used for local and remote execution of arbitrary code, Apple said. OS X 10.11.2 also fixes bugs in system components such as Handoff and Airdrop, and makes wi-fi and Bluetooth networking more reliable.

Security updates are also available for watchOS, tvOS and the Xcode set of development tools.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
appleiosios 92os xos x 10112securitywebkit

Partner Content

DoT Victoria turns to Oracle to implement unified cloud-based platform
Promoted Content DoT Victoria turns to Oracle to implement unified cloud-based platform
Top 5 Benefits of Managed IT Services
Promoted Content Top 5 Benefits of Managed IT Services
Alienated from your own data? You’re not alone
Promoted Content Alienated from your own data? You’re not alone
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

  • iTnews Benchmark Awards 2022 - Finalist Showcase
  • 11th Annual Fraud Prevention Summit 2022
  • IoT Impact Conference
  • Cyber Security for Government Summit
By Juha Saarinen
Dec 9 2015
10:26AM
0 Comments

Related Articles

  • Apple patches actively exploited macOS Big Sur bug
  • Emergency patches out for exploited Apple zero-days
  • Surprise Apple macOS and iOS updates fix a slew of vulnerabilities
  • Apple patches exploited bug in Webkit
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform

NSW digital driver's licences 'easily forgeable'

NSW digital driver's licences 'easily forgeable'

Kmart Australia re-platforms ecommerce site to AWS

Kmart Australia re-platforms ecommerce site to AWS

Westpac promotes its head of technology to mortgage role

Westpac promotes its head of technology to mortgage role

Digital Nation

Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.