Apple Patches Dozens of Security Holes in Latest Updates

Apple this week updated all of its core operating systems with critical security patches. The company repaired vulnerabilities in iOS, macOS, tvOS, iCloud, iTunes, and Safari for iPhones, iPads, Macs, consoles, and Windows machines. Developers and consumers should update as soon as possible. 

Soon after Apple's news-focused event took place on Monday, March 25, the company pushed significant updates to its various platforms. Their three main operating systems, iOS, macOS, and tvOS, received some attention, as did individual apps such as iTunes and Safari. Here are the details on what's been patched. 

The list of security patches for iOS is extensive. Really extensive. To start, the OS refresh applies to the iPhone 5s and later, iPad Air and later, and the iPod Touch 6th generation. A quick rundown on the OS components impacted include contacts, Exchange, FaceTime, feedback, kernel, mail, messages, privacy, Safari, Safari Reader, Siri, and WebKit. 

Some of the vulnerabilities incude the ability for malicious applications to elevate privileges, wipe devices, keep FaceTime video running after the call ends, write arbirtrary files, send SMS messages, read/alter the kernel, and spoof mail signatures. The WiFi and WebKit lapses are the most serious, as they allowed for remote code execution and device tracking via MAC address. 

Apple's macOS sees a similar number of problems patched for similar issues. The security issues could lead to remote code execution, denial of sevice attacks, elevated privileges, root access, user data exposure, and kernel access. These could impact functions including Contacts, FaceTime, Messages, Notes, Perl, Security, Siri, and Time Machine.

These same issues more or less apply to tvOS, the operating system for the Apple TV product. 

Safari's weaknesses are nearly all found in WebKit, with just a few in Safari Reader. Apple says the new patches will prevent maliciously crafted Web pages from universal cross site scripting, arbitrary code execution, user data leaks, and circumvented Sandbox restrictions. 

iCloud and iTunes for Windows machines are apparently in danger without the latest patches. The iCloud and iTunes issues exclusively impact WebKit and can lead to privacy leaks, remote code execution, memory leaks, and universal cross-site scripting.

Apple says all develoeprs and consumers need to install these patches. The company has not yet made clear if it is updating any of the associated SDKs with compatibiity for these patches. 

Be sure to read the next Security article: Facebook Launches Multi-Faceted Plan to Stop Election Meddling