Apple plugs large number of security holes in iOS 9.2

iTnews ^ | Dec 9 2015 10:26AM (AUS) | Juha Saarinen

[Utilizer]

...

Apple today released a substantial update for its iOS mobile operating system, containing bug fixes and multiple patches for remotely exploitable vulnerabilities.

No fewer than 50 security flaws are patched in iOS 9.2, 19 of which permitted local and remote execution of arbitrary code without user interaction.

The zlib file compression library, CoreMedia Playback media utility, libarchive archival utility and the OpenGL 2D and 3D graphics platform all allowed maliciously crafted websites to run arbitrary code on victims' systems, Apple said in its security advisory.

Ten flaws in the WebKit rendering engine, used by Apple's Safari web browser and the company's App Store and other iOS and OS X applications could be abused in a similar manner.

[Utilizer]

Security threat for the apple crowd to consider...

[Utilizer]

Ping...

[musicman]

Less Than $990 To Go!!
Help FR Continue the Conservative Fight!
Your Monthly and Quarterly Donations
Help To Keep FR In The Battle !!

Sponsoring FReepers are contributing
$10 Each time a New Monthly Donor signs up!
Get more bang for your FR buck!
Click Here To Sign Up Now!

[Swordmaker]

Apple today released OS X El Capitan 10.11.2 which improves the stability, compatibility, and security of your Mac.

This update:

• Improves Wi-Fi reliability
  
• Improves the reliability of Handoff and AirDrop
  
• Fixes an issue that may cause Bluetooth devices to disconnect
  
• Fixes an issue that prevented Mail from deleting messages in an offline Exchange account
  
• Fixes an issue that prevented importing photos from an iPhone to a Mac using a USB cable
  
• Improves iCloud Photo Sharing for Live Photos

Enterprise content:

• Resolves an issue where reinstalling a configuration profile containing a certificate payload causes the certificates to be removed instead of updated
  
• Resolves an issue that caused multiple authentication prompts in Safari when using NTLM authentication
  
• Allows for deferred enablement when using the “fdesetup” command to enable FileVault with mobile accounts

For detailed information about the security content of this update, see Apple Security Updates.

[Liberty Valance]

*bimp*

[Scutter]

Just installed it on my iPad. The release notes mention a couple of (smallish) new features too - so it’s not just security patches.

[Swordmaker]

Security threat for the apple crowd to consider...

The author of this article mistakes "vulnerabilities" for "exploits." None of these "vulnerabilities ever rose to the level of an "exploitable" danger. At this point these become a possible danger only for those users who don't bother updating.

[House Atreides]

Swordmaker, see the below linked article.

http://www.slate.com/articles/technology/future_tense/2015/12/ecpa_reform_the_sec_wants_to_undermine_important_email_privacy_legislation.html

Question for you if you know: Would my emails (sent from my iMac, iPhone or iPad using Verizon as my Internet service provider) be in an encrypted state as they reside on Verizon’s server?

I didn’t know there was such a thing as “administrative subpoenas” allowing government access for messages over 180 days old. I always thought that to get such access required a warrant, based on probable cause and signed by a judge.

[AFreeBird]

Can’t address Verizon. But if you were to switch your email over to iCloud.com, those emails, and everything else in the cloud will be encrypted. And as you have an iTunes account already, all you have to do is activate your iCloud account.

I keep my Comcast account for junk stuff, but I’ve moved my personal stuff over to iCloud.

[Swordmaker]

Question for you if you know: Would my emails (sent from my iMac, iPhone or iPad using Verizon as my Internet service provider) be in an encrypted state as they reside on Verizon’s server?

As far as I know, unless an email content is specifically encrypted by some application such as PGP (Pretty Good Privacy), email is transmitted in text or standard HTML code. The carriers do use a generic encryption for which they hold the keys and almost every hacker worth his daily salt has copies of those keys, as do law enforcement agencies. PGP keys are public one way but are breakable with back doors available to authorities and hackers. There are methods to transmit your messages that no one but you and the recipient can understand. Andrew

[Swordmaker]

Can’t address Verizon. But if you were to switch your email over to iCloud.com, those emails, and everything else in the cloud will be encrypted. And as you have an iTunes account already, all you have to do is activate your iCloud account.

That doesn't apply to email in transit to non-iCloud accounts. It works with iMessenger accounts between Apple users. . . but if one user is a yahoo or a Windows account, or any other non-Apple account, it will be sent normally, because the recipient would not have the Apple code for decryption.

[House Atreides]

That doesn’t apply to email in transit to non-iCloud accounts. It works with iMessenger accounts between Apple users. . . but if one user is a yahoo or a Windows account, or any other non-Apple account, it will be sent normally, because the recipient would not have the Apple code for decryption.
**********************************************************************************

Thanks guys, I’m going to have to rearrange my email processes. I do not like the idea of “administrative (i.e., non-Judge) subpoenas” under a government run by the Obama regime and their corrupt operatives sprinkled throughout the civil service.

I guess I’m going to have to drop all my friends who still haven’t converted to use of Apple products. Just kidding on this last item...I think.

[usconservative]

I don't know what's worse: these so-called "security threats" or the fact that since iOS 8 every new release of iOS slows down my iPad Mini 2 more and more.

I'm not updating it anymore. It's almost useless now for anything beyond email and watching a video once in awhile. Even then, video's seldom if ever play back smoothly and pretty much every app on it takes a very long time to load. That's enough Apple for me.

Not buying into Apple's planned obsolescence anymore.

[usconservative]

Can’t address Verizon. But if you were to switch your email over to iCloud.com, those emails, and everything else in the cloud will be encrypted. And as you have an iTunes account already, all you have to do is activate your iCloud account.

That only works if all your friends are on iCloud too. Anyone on Comcast, Google, Yahoo, Hotmail/Outlook (whatever Microsoft is calling that these days...) is unencrypted and so is any email you sent them.