Apple kills 28 flaws in OS X, iOS and QuickTime

If you use Apple’s OS X El Capitan, iOS or QuickTime on any of your computers and devices, you should install the latest updates pushed out on Tuesday.

OS X El Capitan 10.11.3 (the latest version) and Security Update 2016-001 fix:

  • Seven memory corruption issues in various components that could allow a local user to execute arbitrary code with kernel privileges or root privileges
  • One type confusion issue that can be triggered when a user visits a maliciously crafted website and can lead to arbitrary code execution, and
  • One issue in OSA Scripts that allows a quarantined application to override OSA script libraries installed by the user.

This latest version of the OS also contains the security content of Safari 9.0.3.

QuickTime 7.7.9 plugs nine memory corruption issues that could lead to an unexpected application termination or arbitrary code execution if the user is tricked into viewing a maliciously crafted movie file.

Finally, iOS 9.2.1 contains fixes for:

  • Many of the same memory corruption issues found in El Capitan (which may lead to arbitrary code execution by a local user)
  • Five of the same type of flaws (in WebKit) that can lead to code execution if the user visits a maliciously crafted website
  • A privacy issue in WebKit CSS that could reveal to website admins whether the user visited a specific link, and
  • A flaw that could be exploited via malicious captive portals to access and modify visitors’ cookies.

As always, no specific details about the flaws are revealed until most users have installed the updates.