Apple pushed out its latest operating system, El Capitan, yesterday, and while it boasts many security fixes, the update fails to address the outstanding vulnerability in Gatekeeper that came to light this week.
The issue with Gatekeeper, as described yesterday by Patrick Wardle, the director of research at Synack, fails to verify whether an app runs or loads other apps or dynamic libraries from the same or relative directory. Apple is reportedly working on a short term mitigation for the simple, but effective bypass that Wardle cooked up and presented at Virus Bulletin today in Prague.
What Apple does fix in El Capitan 10.11 is a slew of other vulnerabilities, 100 in total, that existed in everything from Address Book to Mail to Time Machine to Notes.
Among the updates, the new OS X appears to fix the XARA password stealing vulnerabilities that a collective of Indiana University students publicized this summer. The problem stemmed from weak and faulty access control lists which made it easier to gain access to a user’s Keychain items, and in turn their iCloud passwords, authentication tokens, and other sensitive information. Apple claims it fixed the issue in its Online Store Kit through improved access control list checks.
The update also fixes roughly 20 bugs in PHP, a trio of bugs in bash, and multiple bugs in older versions of OpenSSH, and OpenSSL, all of which have been updated to their most recent versions.
45 issues were addressed in Safari 9, which Apple also pushed out Wednesday. In addition to a new feature that can mute audio on some Safari tabs, the latest iteration of the browser also fixed a handful of security issues, including bugs that could lead to compromise, arbitrary code execution, leak browsing history, and more. The bulk of issues fixed by the update were WebKit-related memory corruption bugs that could have resulted in browser termination, and in one case, thanks to an API, leak browsing history, network activity, and mouse movements.
One of the more curious fixes addressed an issue with how the browser interacted with password managers.
“The local communication between Safari extensions such as password managers and their native companion apps could be comprised by another native app,” Apple warns in its advisory, adding that the issue was addressed by a “new, authenticated communications channel between Safari extensions and companion apps.”
A separate update for iOS brought the mobile operating system to 9.0.2 and fixed another lockscreen bypass that was recently identified. Assuming an attacker had access to the physical device, because Apple enabled its personal assistant Siri on the lockscreen by default, they could access a users’ photos and contacts from the lockscreen.
The bug, dug up by iPhone user Jose Rodriguez, existed in iOS 9, and iOS 9.0.1, but was fixed yesterday.
Provided from: Techcrunch.