If you have a piece of Apple technology in your
house or office, chances are that it’s time you updated it.
On Monday Apple issued security patches for all of
its major operating systems – fixing vulnerabilities in iOS, macOS, watchOS,
tvOS, the Safari browser, and iCloud for Windows.
iPhones and iPads, for
instance, now have access to new version of the iOS operating system – version
10.2.1. In a support knowledgebase article, Apple shares details of a host of vulnerabilities that iOS 10.2.1
reportedly fixes, including a flaw that allowed devices to be automatically
unlocked even when users were not wearing a linked Apple Watch.
In addition, updating to iOS 10.2.1 is said to fix
two very serious remote code execution flaws that Google vulnerability
researchers uncovered in Apple’s code. Such vulnerabilities potentially, if
left unpatched, hcould be abused by criminal hackers eager to install malware
onto targeted devices.
Furthermore, 12 vulnerabilities in Webkit – the
technology Apple uses to render webpages in iOS and macOS – have been fixed.
More details of these and
other security fixes in iOS 10.12.1 are described on Apple’s support knowledgebase webpage.
To update your iPhones and iPads, select “Settings
/ General / Software update”.
Macs and MacBooks haven’t
escaped the wave of security patches either, with users encouraged to update to
macOS Sierra 10.12.13 to protect against a variety of
vulnerabilities.
The security holes addresses in macOS Sierra
10.12.13 include “multiple issues” in PHP, and a method by which an attacker
may be able to exploit a weakness in Apple’s Bluetooth code to execute
malicious code with kernel privileges.
In addition, the new version of macOS Sierra is
said to fix a vulnerability in Help Viewer which – if left unpatched – could
allow a malicious attacker to plant boobytrapped content on a webpage that
would result in arbitrary code execution.
Mac users, including those
still running Mac OS X Yosemite and El Capitan, are advised by Apple to update their copies of the Safari
web browser to version 10.0.3. The new version of Apple’s browser fixes
numerous flaws which could be exploited by attackers if user visit poisoned
webpages from a vulnerable computer.
More details of these and
other security fixes in macOS Sierra 10.12.13 are described on Apple’s support knowledgebase webpage.
To update your Apple desktop and laptop computers,
open the “App Store” and choose “Updates” from the top right corner of the window.
Meanwhile watchOS (updated
to version 3.0.3) and tvOS (updating Apple TV devices to version 10.1.1 of the
operating system) also received fixes, including fixes for flaws that could see
maliciously crafted content leading to arbitrary code execution.
My view is that if Apple is treating the security
vulnerabilities seriously, and pushing the patch out to the masses, then you
should take them seriously too.
Although there is an argument that it’s unwise to
be one of the very first to install a security update, in case the code is
buggy or causes conflicts, for most people it probably makes sense to install
the updates at the earliest opportunity.
Patches and security updates are an essential part
of your arsenal of weaponry, defending you from online attack. Combined with
other security solutions you can harden your systems and reduce the chances of
a hacker stealing your records or hijacking your online identity.
Although it would have been better if these software
bugs had not been present in the first place, Apple should be applauded for
addressing the security holes and helping to make their users safer. A notable
rival smartphone operating system has had a much more chequered history when it
comes to making security updates available to users.