Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

OS X El Capitan, Yosemite Security Updates Patch Trident Flaws

$
0
0

OS X El Capitan, Yosemite Security Updates Patch Trident Flaws

Apple has released Security Update 2016-001 El Capitan and Security Update 2016-005 Yosemite, as well as updates to its web browserwithSafari 9.1.3. Apple’s software updates fix two of the three “Trident” vulnerabilities previously patched with iOS 9.3.5 .

These security updates are available forOS X Yosemite 10.10.5 and OS X El Capitan 10.11.6.Unfortunately, it appears that Mavericks users may be left vulnerable to at least two of the three Trident flaws. (The standalone Safari 9.1.3 update includes Mavericks, which patches oneout of threevulnerabilities.)

OS X and iOS share a codebase so it makes sense they patched OS X as well. What's a bit surprising isthat a company as skilled as the one that made Pegasus to exploit the iOS vulnerabilities would not realize that the Mac shares those same flaws and not try to exploit them. No exploits for the Trident vulnerabilities have been discovered on the Mac, though that doesn't mean an exploit isn't out there―just that one hasn't been found yet.

As Apple detailed in its OS X and iOS 9.1.3 security bulletins, following are the bugs addressed in these updates:

CVE-2016-4654 : Visiting a maliciously crafted website may lead to arbitrary code execution. A memory corruption issue was addressed through improved memory handling. CVE-2016-4655 : An application may be able to disclose kernel memory. A validation issue was addressed through improved input sanitization. CVE-2016-4656 : An application may be able to execute arbitrary code with kernel privileges. A memory corruption issue was addressed through improved memory handling.

Security Update 2016-001 (for El Capitan)and Security Update 2016-005 (for Yosemite) are recommended for all users and improves the security of OS X.

OS X El Capitan and Yosemite users can download the latest security updates by the method you prefer most:Either visit the Mac App Store toinstall the latest security updates ,or get the new software from Apple’s official website. Mavericks users can get the Safari 9.1.3 update from the Mac App Store as well.

Apple.com Downloads

Viewing all articles
Browse latest Browse all 12749

Trending Articles