This past week Apple released updates for its operating systems and Safari web browser. These updates were made available between December 2 and December 6, but release notes outlining the security content of all updates were delayed until just a day ago (Safari notes still haven’t been published). Following is an overview of Apple’s security updates and how to install them.
A total of 22 security issues were addressed for the current and previous two operating system (OS) versions. Apache, Directory Utility, Intel Graphics Driver and Kernel all received some attention. Mail received a fix for an issue that could cause S/MIME encrypted emails to be sent out unencrypted. Directory Utility and Screen Sharing Server had some work done to them to fix what was left of the root vulnerability. The Kernel received the most attention, with 8 issues addressed that could lead to an application reading restricted memory contents and executing arbitrary code with kernel privileges.
In terms of software security, it has not been a stellar month for Apple, so having some more security issues addressed is definitely a good thing and hopefully more attention will be paid before future updates are released.
Apart from security fixes, some non-security related issues were addressed as well, namely:
And for enterprise users:
For the full list of security issues addressed by these updates, have a look here. macOS 10.13.2 High Sierra can be downloaded through the App Store or as a stand-alone installer here. A Combo update is now also available which can be downloaded here. Security Update 2017-002 macOS Sierra can be downloaded through the App Store or here. And Security Update 2017-005 El Capitan can be downloaded from the App Store.
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.
iOS 11.2 introduced Apple Pay Cash to send, request, and receive money from friends and family with Apple Pay (US only), and also addressed quite a few non-security related bugs, which you can see listed here. In total, 14 security related issues were addressed with 8 for the Kernel, 1 for Mail addressing an S/MIME encryption issue and 1 for Wi-Fi.
The addressed Wi-Fi issue deserves some attention, as this finally fixes the KRACK vulnerability for all the Apple devices that were left out in the cold almost two months ago. When the KRACK issues were first addressed, the fix was only made available for iPhone 7 and newer and 2016 iPad Pro and newer. Now the following devices are finally protected as well:
iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation.
The full list of security issues addressed can be found here. iOS 11.2 can be downloaded over the air by going to Settings > General > Software Update. You can also connect your iOS device to your Mac and let iTunes do the update for you.
Ten security issues were addressed in this update, with the biggest focus on the Kernel. tvOS also received a fix for an issue relating to KRACK, which is now available to all Apple TV (4th generation) users. Previously the KRACK vulnerability was only patched for Apple TV 4K users.
The full list of security issues addressed can be found here. The tvOS update can be downloaded directly from the Apple TV by going to Settings > System > Update Software.
watchOS received the same security related fixes that iOS 11.2 did, and the KRACK fix that was previously only available for Series 1 and Series 2 watches is now also available for Apple Watch (1st Generation) and Apple Watch Series 3.
New features and other fixes and improvements include:
The full list of security issues addressed can be found here. watchOS 4.2 can be installed by connecting the watch to its charger, then on the iPhone opening the Apple Watch app > My Watch tab > General > Software Update.
No release notes are currently available for this Safari update, but a safe assumption is that most, if not all, fixes involve WebKit.
It is recommended to update to the latest system and application versions as soon as you can to take advantage of all the new features, enhancements and fixes. And, of course, make sure your data is backed up before doing so!