Sep 30 2015

Apple Releases Security Updates for OS X El Capitan, Safari, and iOS

Original release date: September 30, 2015

Apple has released security updates for OS X El Capitan, Safari, and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow an attacker to run arbitrary code.

Available updates include:

  • OS X El Capitan 10.11 for Mac OS X v10.6.8 and later
  • Safari 9 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
  • iOS 9.0.2 for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

US-CERT encourages users and administrators to review Apple security updates for OS X El Capitan, Safari, and iOS and apply the necessary updates.




Sep 30 2015

WinRAR affected by new zero-day vulnerability

A new remote code execution vulnerability affecting the compression utility is less dangerous than first believed.

Sep 30 2015

Apple’s “Gatekeeper” in Mac OS X vulnerable to simple bypass

Researcher Patrick Wardle details security weakness in Apple’s “Gatekeeper” in Mac OS X that could allow attackers to run unverified, unsigned code.

Sep 30 2015

Nerves rattled by highly suspicious Windows Update delivered worldwide

People around the world are receiving a highly suspicious software bulletin through the official Windows Update, raising concerns that Microsoft's automatic patching mechanism may be broken or, worse, has been compromised to attack end users.

This Web search, which queries the random-appearing string included in the payload, suggests that it's being delivered to people in multiple regions. The same unexplained and almost certainly unauthorized patch is being reported in a variety of online posts, including this one hosted by Microsoft. The updates appear to be coming directly from servers that are cryptographically certified to be part of Microsoft's Windows Update system.

"Clearly there's something that's delivered into the [Windows Update] queue that's trusted," Kenneth White, a Washington DC-based security researcher, told Ars after contacting some of the Windows users who received the suspicious update. "For someone to compromise the Windows Update server, that's a pretty serious vector. I don't raise the alarm very often but this has just enough characteristics of something pretty serious that I think it's worth looking at."
