Apple fixes dozens of security bugs for iPhones, Macs

Apple has squashed dozens of security bugs in the latest releases of its iPhone, iPad, and Mac operating systems.
The Cupertino, Calif.-based company rolled out 23 security fixes in iOS 10.3.2 and another 30 fixes in macOS 10.12.5, both of which were released on Monday.
Among them, two bugs in iBooks for iOS could allow an attacker to arbitrarily open websites and execute malicious code at the kernel level. Over a dozen flaws that could allow several kinds of cross-site scripting (XSS) attacks were found in WebKit, which renders websites and pages on iPhones and iPads.
A separate flaw in iBooks for macOS desktops and notebooks could allow an application to escape its secure sandbox, a technology used to prevent data loss or theft in the case of an app compromise.
Almost half of the bugs found were attributed to Google’s Project Zero, the search giant’s in-house vulnerability-finding and security team.
One of the iOS bugs, credited to Synack security researcher Patrick Wardle, is a kernel flaw through which a malicious application could read restricted memory, such as passwords or hashes.
In a blog post last month, Wardle explained how he found the zero-day flaw following a supposed fix in an earlier version of macOS 10.12. He said that Apple’s patch “did not fix the kernel panic” and worse, “introduced a kernel info leak, that could leak sensitive information” that could bypass the operating system’s security feature that randomizes the kernel’s memory address locations.
In an email, Wardle admitted he “didn’t realize it affected iOS too.”
Patches are available through the usual automatic update channels.