Bugs that turn iPhones into iSpies can be weaponized and used against Macs as well

Apple yesterday issued an emergency security update for the Mac, patching the same trio of vulnerabilities the company fixed last week on the iPhone.

According to one of the groups that first revealed the flaws, the vulnerabilities could have been "weaponized" for use against OS X, the Mac's operating system.

The out-of-band update was aimed at OS X El Capitan (aka 10.11) and Yosemite (10.10), the 2015 and 2014 editions, respectively. Older versions, including 2014's OS X Mavericks, went unmatched: Apple is nearing the release of its annual Mac operating system upgrade and thus the end of support for the edition of three years ago.

Like the urgent update Apple released last week for the iPhone -- iOS 9.3.5 -- the Mac patches quash three bugs, two in the operating system's kernel and the third in the Safari browser.

According to reports from researchers at mobile security vendor Lookout and the Citizen Lab at the University of Toronto, the trio of bugs were used to spy on an activist in the United Arab Emirates by turning his iPhone into a surveillance tool. Citizen Labs pointed a finger at NSO Group, a shadowy Israeli company that allegedly sells vulnerabilities and spyware to governments, as the source of the flaws.

Prior to the disclosure last week, the vulnerabilities, pegged as "Trident" by Citizen Labs, were "zero-days," or unknown to Apple, and so extremely valuable on the black market.

The same three vulnerabilities found in iOS can be also exploited by a Trojan on OS X. Apple has released an emergency Security Update to close those three vulnerabilities for OS X, as they already did last week for them on iOS. It is PAST time for OS X El Capitan and Yosemite users to hit the Black Apple menu, select "App Store...", and then click on the "update" choice and update their computer! If you have yet to update your iOS device do it NOW using SETTINGS/General/Software Update. Note, these exploits are EXTREMELY EXPENSIVE for anyone to use against an individual, as they were proprietary to a single company, the NSO Group in Israel, who paid $1 million for them and was selling access to them for $650,000 per 10 iPhones, Android phones, and $500,000 per 10 Blackberry phones, and $300,000 per 10 Symbian phones, with a $500,000 one time set-up fee per customer. Apparently, the flaws were not just applicable to just Apple mobile devices and computers, but cross platform. . . but Apple has now closed the flaws on its devices. Nothing has been said about Android, Blackberry, or Symbian. The only customers of this company are governments.— PING!

Pinging dayglored and ThunderSleeps for their ping lists.

Apple OS X security update
and Cross platform concern
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

Geez, Swordmaker, try not to lose even more via wagering:-)

yeah, I blew a whole $5 on a nickel slot machine while my girlfriend did the same while waiting for our friends who were treating us to dinner. We did get to see the Penn & Teller Show which was great and we were able to walk into the Gold and Silver Pawn Shop where we met Mark Hall-Patton, the "Beard", the Curator of the Clark County Museum System, who knows everything about everything. Had our photo taken with him. The Pawn Stars' Pawn Shop is a LOT smaller than it appears on TV. . . and it's not laid out like it appears on the show. LOL. There's no room for a row of motorcycles inside, for example. Pity.

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.