Security News

Apple Releases macOS Sierra 10.12.3 and More with Security Fixes

Posted on January 24th, 2017 by

Apple Software Security Updates

Apple has released updates to all of its operating systems, as well as iTunes and Safari. While these may seem like insignificant updates as there is little to be excited about, they are in fact pretty significant because all of the software updates address serious kernel vulnerabilities.

A kernel vulnerability for a bad guy is like striking gold. When exploited, it allows for total control over a system. With that in mind, we strongly recommend everyone installs the below updates as soon as possible. Here are some details.

macOS Sierra 10.12.3

Available for: Any Mac running macOS Sierra 10.12.2

Listed as an update that improves the stability and security of your Mac, it mentions the following as being addressed:

  • Improves automatic graphics switching on MacBook Pro (15-inch, October 2016)
  • Resolves graphics issues while encoding Adobe Premiere Pro projects on MacBook Pro with Touch Bar (13- and 15-inch, October 2016)
  • Fixes an issue that prevented the searching of scanned PDF documents in Preview

It is said that these graphics improvements also resolve the poor battery life many users have been experiencing. As you know, there are more issues addressed in these updates that Apple does not mention in the App Store update window. In this case, the update also includes fixes for 12 security issues found in Bluetooth, Graphics Drivers, Kernel and Webkit.

macOS Sierra 10.12.3 can be downloaded by going to the App Store > Updates tab, as a stand-alone update here or a combo update here.

iOS 10.2.1

Available for: iPhone 5 and later, iPad 4th generation and later,iPod touch 6th generation and later

Listed as an update that includes bug fixes and improves the security of your iPhone or iPad, the update notice mentions no further specifics. However, a look at the security content of the update shows that 18 security issues were addressed. The majority is for WebKit, but fixes for Auto Unlock, Contacts, Kernel, Wi-Fi and lib archive were included as well.

iOS 10.2.1 can be downloaded over the air by going to Settings > General > Software Update. You can also connect your iOS device to your Mac and let iTunes do the update for you.

tvOS

Available for: Apple TV (4th generation)

Mentioning nothing more than "an update is available," it appears the tvOS update offers no new features or functionality. It does address 12 security issues, though. As with the iOS update, the majority of issues fixed in the tvOS update was with WebKit, along with the same Kernel and lib archive issues from iOS.

The tvOS update can be downloaded directly from the Apple TV by going to Settings > System > Update Software.

watchOS 3.1.3

Available for: All Apple Watch models

Addressing a total of 33 security issues in Accounts, Auto Unlock, several Core services, Kernel and more, this is a jam-packed update. The Auto Unlock issue meant that an Apple Watch was able to unlock a Mac even if it was not on the owner's wrist. Basically, anyone could steal your watch and use it to unlock your Mac.

watchOS 3.1.3 can be installed by connecting the watch to its charger then on the iPhone open the Apple Watch app > My Watch tab > General > Software Update.

Safari 10.0.3

Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,and macOS Sierra 10.12.3

Safari 10.0.3 is included in the macOS Sierra 10.12.3 update, and also available as stand-alone update for OS X Yosemite 10.10.5 and El Capitan 10.11.6 users. Safari 10.0.3 addresses 12 WebKit security issues.

The update can be downloaded by going to the App Store > Updates tab.

iTunes 12.5.5

Available for Windows and macOS Sierra 10.12.2, it is currently unknown which security issues iTunes 12.5.5 addresses on the Mac. For Windows, the update patches 4 WebKit issues, but no documentation is available for the Mac update yet. It's a safe assumption that it addresses the same or similar WebKit issues, though. The update can be downloaded through the App Store > Updates tab or from Apple's website here.

All of the above mentioned updates fix a lot of security issues that, when exploited, can cause arbitrary code execution, denial of service and data exfiltration. Exploiting the kernel vulnerabilities alone would have allowed an attacker to add files, delete files or execute any actions. Go forth and install these updates, preferably sooner than later!

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. He conducts independent malware protection tests, and also writes about privacy and security related matters on his blog Security Spread. Follow him on Twitter at @SecuritySpread. View all posts by Jay Vrijenhoek →

Sign up For Our Newsletter

Get the latest Mac security news direct to your inbox.

{"url":"\/marketo\/json\/add-to-newsletter","data":"list_name=Blog Roadblock"}