Apple cleaned house via a slew of operating system updates on Monday, pinning down nearly 350 known vulnerabilities between its changes to iOS, macOS, watchOS and tvOS.
Starting with iOS 10.3, Apple’s latest version includes Find My AirPods, Apple’s new file system, CarPlay, and a few other small visual tweaks. With nearly every update Apple does, they also include a handful of security fixes that easily go unnoticed by the user. iOS 10.3 is no exception with over 85 different common vulnerabilities and exposures (CVEs) listed.
In one case, the iOS 10.3 update patched a security hole that allowed attackers to spam Safari with a ‘Cannot Open Page’ dialog. Lookout, a cybersecurity company, learned of the attack after one of their users complained of losing control over their browsing experience. The dialog was meant to trick users into eventually paying money to “unlock” their Safari browser.
Another update for both iOS and macOS repaired a vulnerability in which users connecting to what seemed to be a secure server opened the door for remote code execution. The vulnerability discovered by Talos, a threat intelligence organization, showed that when a Safari browser navigated to a HTTPS site, macOS and iOS would validate the invalid and malicious certificate leaving the user open to attack.
Just in the past few weeks alone, WikiLeaks has released reports from previous exploits that the CIA used on iOS and Mac devices. While the reports were aged and shared outdated exploits, the sheer number of fixes that Apple released this week alone shows that many vulnerabilities still exist.
As always, be sure to install security updates where you can, be safe out there and stay tuned for additional details as they become available.
Via 9to5Mac and support.apple.com