Apple is seeding security updates that aims at fixing most of the recent threats that were looming large. This includes the iOS flaw that made it easier for the attackers to decrypt iMessages raising severe security concerns. Furthermore, the attacks by Wi-Fi Networks, PDF files, fonts and other types of files on the iOS devices and the OSX computers have made the things worse.
The security voids would potentially make your system susceptible to a numerous kinds of attack including, hijacking, password theft, remote code executions and also the infamous ransomware. Apple devices have undoubtedly been compromised and the update we are talking about is like a jab of antidote that is expected to put an end to the security exploits.
If you own an iOS device update to the iOS 9.3, which brings in a host of security fixes making your iPhone or an iPad much safer. The update fixes the bug that would allow remote control attackers, attacks by opening up malicious PDF files, fixing kernels which would let applications to cause DoS (Denial of Services) and fixes in the WebKit avoiding arbitrary code execution by malicious web content. The scariest of the bug is the one wherein attackers would be able to bypass Apple’s certificate pinning and access encrypted attachment type files. This would let attacker access all the file attachments exchanges by the users by impersonating a root CA.
The fixes for OSX reveals that the operating system had a boatload of bugs. Updates are made available for OS X Maverics 10.9, OS X Yosemite 10.10 and OS X EL Capitan 10.11. Although the updates have been released for older operating systems it is advisable to update to the latest operating system, which is usually the one that receives patches and updates on a priority.
Let’s take a look at the bugs it has fixed, shortcomings that would let an application to execute arbitrary code, changes in FontParser which would have otherwise let a malicious PDF take control of the system and the bugs that allow for unintentional termination of the applications. The more serious bug fixes include the one that would leak user sensitive information to a malicious server and few other bugs allowing for attackers to carry our DoS attacks.