Apple has released updates to address multiple vulnerabilities discovered in Apple’s OS X, Safari, iOS, and Xcode products that could allow remote code execution. ITS and ISC strongly recommend:
- All users of OS X Yosemite update to 10.10.3.
- All users of OS X Mountain Lion and Mavericks install Security Update 2015-004.
- All users of iOS (iPhone 4s and later; iPod touch 5th generation and later; iPad 2 and later) update to iOS 8.3.
- All users of Safari 8, 7, and 6 update to Safari 8.0.5, 7.1.5, 6.2.5, respectively.
- All users of Apple TV (3rd generation and later) update to 7.2.
- All users of Xcode (OS X Yosemite) update to 6.3.
Running Software Update on your computing device should automatically present you with the correct update(s).
Notes
These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted webpage or opens a specially crafted file (including an email attachment) while using a vulnerable version of OS X, Safari, or iOS. Successful exploitation could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected systems include:
- Apple TV Prior To 7.2
- Apple iOS Prior To 8.3
- Apple Safari 6 Prior To 6.2.5
- Apple Safari 7 Prior To 7.1.5
- Apple Safari 8 Prior To 8.0.5
- Apple OS X Prior To 10.10.3
- Apple Xcode Prior To 6.3
References
Safari: https://support.apple.com/en-us/HT204658
OS X: https://support.apple.com/en-us/HT204659
iOS: https://support.apple.com/en-us/HT204661
Apple TV: https://support.apple.com/en-us/HT204662