This week, Apple released three security updates to fix vulnerabilities in OS X, iOS, and Apple TV. The updates fix a wide range of vulnerabilities, including memory corruption flaws attackers could use to execute code, and something called a “triple handshake attack,” which attackers could leverage in man-in-the-middle (MitM) attacks against your SSL sessions. If you use OS X, iOS, or Apple TV, you should download and install Apple’s updates immediately, or let their automatic Software Updater do it for you.
See the links below for more information about each update:
On a related note, Kristin Paget, an ex-Apple security researcher, published a blog post criticizing Apple’s patching process. Apparently, Apple had previously released OS X updates that fix the same WebKit vulnerabilities that iOS 7.1.1 fixes this month. Paget argues that Apple needs to release all the like fixes at the same time; otherwise, attackers could reverse-engineer the patches from OS X to exploit iOS, or vice versa. This is good advice, which I hope Apple adopts in the future — Corey Nachreiner, CISSP (@SecAdept)