The Mac Security Blog

Security News

Patch Now to Stay Secure: OS X El Capitan 10.11.3 and Security Update 2016-001 Released

Posted on by

OS X El Capitan logo on desktop background image

Apple has released OS X El Capitan 10.11.3, its first public update in 2016 and the third major update for El Capitan since the operating system was released, and Security Update 2016-001 to patch a number of vulnerabilities in the software.

Security Update 2016-001 is available for OS X Mavericks 10.9.5, OS X Yosemite 10.10.5, and OS X El Capitan 10.11 to 10.11.2.

According to Apple, generally speaking, here’s what’s new in OS X El Capitan 10.11.3:

The OS X El Captian 10.11.3 update improves the stability, compatibility, and security of your Mac. This update contains bug fixes and security updates.

The update patches lingering bugs and performance issues hanging out in the Mac operating system, but, unfortunately, Apple still hasn’t provided a full fix for the Gatekeeper flaws detailed by security researcher Patrick Wardle last week.

OS X El Capitan 10.11.3 and Security Update 2016-001 addresses the following vulnerabilities:

  • CVE-2016-1716 : A local user may be able to execute arbitrary code with kernel privileges. A memory corruption issue was addressed through improved memory handling.
  • CVE-2016-1717 : A local user may be able to execute arbitrary code with kernel privileges. A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.
  • CVE-2016-1718 : A local user may be able to execute arbitrary code with kernel privileges. A memory corruption issue was addressed through improved memory handling.
  • CVE-2016-1719 : A local user may be able to execute arbitrary code with kernel privileges. A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling.
  • CVE-2016-1720 : A local user may be able to execute arbitrary code with kernel privileges. A memory corruption issue was addressed through improved memory handling.
  • CVE-2016-1721 : A local user may be able to execute arbitrary code with kernel privileges. A memory corruption issue was addressed through improved memory handling.
  • CVE-2015-7995 : Visiting a maliciously crafted website may lead to arbitrary code execution. A type confusion issue existed in libxslt. This issue was addressed through improved memory handling.
  • CVE-2016-1729 : A quarantined application may be able to override OSA script libraries installed by the user. An issue existed when searching for scripting libraries. This issue was addressed through improved search order and quarantine checks.
  • CVE-2016-1722 : A local user may be able to execute arbitrary code with root Privileges. A memory corruption issue was addressed through improved memory handling.

Before updating, it’s a good idea to back up your Mac in case disaster strikes. Then you can head over to the Mac App Store and search for El Capitan, or go directly to the El Capitan page to install the latest updates.

Have you discovered something new you like in the software or experienced any issues after updating? Drop us a comment below!