After a series of security incidents, Apple has taken steps to ensure that 2016 does not repeat the same software issues that everyone has seen in recent months.
Security measures were implemented alongside updates to its mobile operating systems (iOS), Mac (OS X), TV service (Apple TV), Safari browser and operating system for its popular smartwatch (watchOS).
This change was prompted by an alarming number of vulnerabilities in its software. To get an idea of the situation Apple got into when the iOS 9.2 updates were released, it must be said that more than 50 security incidents were detected, while the number of problems with OS X reached more than one hundred.
Apple has released security updates for the operating systems that run on the iPhone, Mac, Apple TV and various versions of smartwatches, as well as Xcode and Safari.
• Xcode (v7.2) updates contain fixes for 4 bugs, Safari (v9.0.2) has 12 (all in Webkit), most of which can lead to arbitrary code execution if a user visits a site infected by malware.
• The tvOS update (v9.1) closes 48 security vulnerabilities, including the above 12 in Safari. Most other vulnerabilities can be triggered by malicious applications, infected images and websites and can lead to arbitrary code execution, usually related to kernel or system rights. An incident of memory corruption in remote SSL processing could be exploited by a hacker to run code on a TV.
• iOS 9.2 fixes 50 vulnerabilities, many of which are vulnerabilities that allow remote code execution in various iOS components. watchOS 2.1 contains many of the same fixes as iOS 9.2 (fixes in WebKit excluded).
• OS X El Capitan 10.11.2 (and security updates 2015-008 for Mavericks and Yosemite) fixes 54 issues, including some PHP issues and several LibreSSL issues that could allow a malicious application to pretend to be a keyserver and incident of memory corruption when processing an SSL protocol. Several stability issues were also fixed.
This update also includes Safari Content Security 9.0.2, and the QuickTime 7 browser plug-in is no longer enabled by default.
Nearly half of these vulnerabilities allowed cybercriminals to take control of a device by connecting to it through an accidentally installed malicious app.
It seems strange that Apple has to patch security flaws in its software when its fans have been bragging for years that no amount of malware or risk can tarnish the luster of its beloved brand.
However, it turned out that they were deeply mistaken, because. But for many years, there was no threat to these operating systems, and the last few years were one of the company’s biggest nightmares in this regard.
According to a recent study, the number of malware created for the Mac in 2015 was five times greater than the total number of threats created in the last five years. Thus, the security level of Apple devices and their users has reached a very low level.
On the one hand, bad news is good news for Apple: if more and more malware samples are being created for its operating systems, the brand is getting more and more popular.
Up until this point, as Windows (or Android in the case of mobile devices) held the lion’s share of the market, it was logical to assume that cybercriminals would put more effort into exploiting vulnerabilities in Microsoft’s operating system.
However, this growth means that Apple is now becoming an increasingly attractive target for cybercriminals, who will be able to generate more revenue from their malware.
Apple managed to close out the year by patching several security holes in its software, but that’s just the beginning: next year will likely show us even more security holes that need to be closed.