January 20, 2016
Apple on Tuesday released security patches for iOS and OS X, along with an update for the Safari browser.
The patches come less than a week after a ShmooCon presentation by Synack director of research Patrick Wardle revealed that Apple’s Gatekeeper security feature in OS X can be bypassed by an attacker with network-level access.
The OS X update, El Capitan 10.11.3, patches nine vulnerabilities, including memory corruption issues in the OS X kernel, Apple Graphics Power Management, Disk Images, IOAccelerator Family, IOHIDFamily, and IOKit that enable attackers on the local network to execute arbitrary code with local privileges.
Apple also patched a type confusion issue in libxslt that can be exploited in a web-based attack, leading to code execution; the flaw affects Mavericks, Yosemite and current versions of El Capitan.