The Mac Security Blog

Security & Privacy

Security Updates Aplenty for iOS and OS X

Posted on by

It’s kind of a miracle that the Internets didn’t choke to death last week, given the incredible number of updates that came from Apple. Not only did Apple update iOS to version 6, it had updates for Mountain Lion and security updates for both Lion and Snow Leopard. In addition to that, they updated the iOS apps for GarageBand, Podcasts, Cards, Pages, Keynote, Numbers, iPhoto, iMovie, iBooks, iTunes U, Find My iPhone, Find My Friends, Airport Utility, and Remote.

As promised earlier, we’ll discuss the vulnerability fixes within the various OS updates. The latest version of iOS covers an astounding number of CVEs – 197, to be exact. That’s gotta be some sort of record! But this isn’t all that uncommon for Apple lately. As much as people may dislike their lack of transparency, Apple has been blowing out massive stacks of vulnerabilities. Just a week before releasing iOS 6, an update for iTunes was released that covered 163 CVEs.

The majority of the vulnerabilities that are fixed in iOS 6 are related to arbitrary code execution, which allows both jailbreaking and malicious code execution. Quite a few more closed vulnerabilities relate to information disclosure, and a handful of others deal with different ways of bypassing iOS’ passcode lock. Another interesting fix is to an SMS spoofing vulnerability that still affects many other phones. That’s pretty darn impressive.

The 33 CVEs closed in OS X updates for Snow Leopard, Lion and Mountain Lion have a similar breakdown: most of the vulnerabilities allowed arbitrary code execution, and many allowed information disclosure. Several more allowed a Denial of Service. The vast majority of these vulnerabilities do not affect Mountain Lion. On Lion, this update adds Gatekeeper, which allows you to restrict applications’ installation to either App Store only, App Store and signed developers, or leave installation as is. And for those of you who were troubled by battery life issues in Mountain Lion, this update brings battery life back to Lion levels. Again, a very good step in the right direction.