Think you're all done patching? Not if you have any Apple gear

OS X, iOS, Safari, pretty much everything anyone still buys has been patched

Apple logo. Pic: Blake Patterson

Apple has joined the likes of Microsoft and Adobe in releasing patches for dozens of security holes in its products.

The Cupertino design studio has posted updates for nearly all of its product lines, fixing security holes in iOS, OS X, watchOS, tvOS, Safari, and Xcode.

For OS X users, the update is packaged as El Capitan 10.11.2 or Security Update 2015-008 for Yosemite and Mavericks. It addresses 54 CVE-listed security flaws in the Apple desktop OS, including remote code execution vulnerabilities in the OS X Kernel, CoreGraphics, and OpenGL.

Though Apple said that it recommends all OS X users install the update, it cautioned that the fix will also disable QuickTime 7, and anyone who needs to use the plug-in to view content will need to manually enable it in Safari.

Speaking of Safari, Apple has posted a separate update to fix 12 flaws in the browser's WebKit engine, including vulnerabilities that can be targeted for remote code execution attacks. Users should update to Safari 9.0.2 to get the fixes.

Also among the updates is iOS 9.2. It will patch 50 CVE-listed flaws in iOS, including 11 flaws for the WebKit engine. Users can obtain the update through iTunes or the Software Update tool in the iOS settings app.

In addition to the security fixes, iOS 9.2 will add new features for Apple Music, News, and Mail.

For Apple Watch owners, there is watchOS 2.1, which includes patches for 30 CVE-listed issues. Among the patched flaws are vulnerabilities that could allow for remote code execution, denial of service, and elevation of privilege attacks.

Those owning the new fourth-generation AppleTV will be asked to install the tvOS 9.1 update. The fix addresses 48 CVE-listed holes in the set-top box, including many of the WebKit and Kernel flaws patched in the other Apple Updates.

Finally, Apple has posted an update for its Xcode developer tools, addressing flaws in the Git, IDE SCM, and otools components. ®

Sponsored: Minds Mastering Machines - Call for papers now open


Biting the hand that feeds IT © 1998–2018