Got an Apple Mac, iThing? Update it right now – there's a shedload of security holes fixed
OS X, iOS, watchOS, iTunes for Windows all get bug fixes
Apple has posted security updates and feature improvements for its desktop, mobile, and developer gear.
The Cupertino giant today issued updates for iOS, OS X, and watchOS, plus iTunes on Windows, Safari on OS X, and Mac firmware.
The OS X El Capitan update also "improves compatibility with Microsoft Office 2016," so if you've been having crashes with Redmond's productivity suite, this upgrade should be the fix you've been waiting for.
Here are the security bugs that have been patched today:
- Xcode 7.1 – available for OS X Yosemite v10.10.5 or later
- Mac EFI Security Update 2015-002 – available for computers running OS X Mavericks v10.9.5
- iTunes 12.3.1 – available for Windows 7 and later
- OS X El Capitan 10.11.1 and Security Update 2015-007
- Safari 9.0.1 – available for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
- watchOS 2.0.1 – available for Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
- iOS 9.1 – available for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
iOS 9.1 patches 49 CVE-listed security vulnerabilities, including flaws that can be exploited to remotely execute code on an iOS device via a maliciously crafted webpage, application, archive, or font file.
The update also includes nine fixes for security vulnerabilities in WebKit, four in ImageIO, and three in the iOS kernel. It kills the flaws exploited by the Pangu jailbreak tool, too.
The new iOS build also improves the Live Photos feature, and installs dozens of new emojis, if that's your thing.
OS X 10.11.1, aka El Capitan
Meanwhile, OS X El Capitan has been updated to version 10.11.1, which includes security fixes for 60 CVE-listed flaws. Bugs have been squashed in PHP, FontParser, ImageIO, and OpenGL. Apple also released a security update for OS X 10.9.5 Mavericks, addressing a vulnerability in the EFI firmware.
OS X El Capitan, Yosemite, and Mavericks fans should update their copies of Safari: the latest build addresses nine CVE-listed vulnerabilities in WebKit that can be exploited by malicious webpages to potentially hijack the computer.
According to Apple, the OS X 10.11.1 update also:
- Improves installer reliability when upgrading to OS X El Capitan.
- Improves compatibility with Microsoft Office 2016.
- Fixes an issue where outgoing server information may be missing from Mail.
- Resolves an issue that prevented display of messages and mailboxes in Mail.
- Resolves an issue that prevents certain Audio Unit plug-ins from functioning properly.
- Improves VoiceOver reliability.
- Adds over 150 new emoji characters with full Unicode 7.0 and 8.0 support.
- Resolves an issue that caused JPEG images to appear as a gray or green box in Preview.
iTunes for Windows, watchOS and Xcode
Apple has published version 12.3.1 of iTunes for Windows that addresses 12 CVE-listed flaws involving a man-in-the-middle vulnerability related to WebKit, and a remote-code execution vulnerability that could allow a text file to exploit programming blunders.
Watch owners should update their prized arm-tablets to watchOS version 2.0.1. That update fixes 14 CVE-listed flaws, including a vulnerability in Apple Pay allowing terminals to retrieve transaction history and a pack of remote code execution flaws in ImageIO.
Even Apple's Xcode developer platform got on board the Wednesday update train. The Xcode 7.1 release addresses a type conversion issue with Swift programs.
Get patching before miscreants start exploiting these holes. ®