Two dangerous kernel bugs highlighted by Google’s Project Zero have been squashed
Apple has unleashed a spate of security updates for its portfolio of products, aiming to seal any holes and workarounds in its software platforms for iPhones, Macs and the Apple Watch.
IOS 10.2.1, macOS Sierra 10.12.3, watchOS 3.1.3, and tvOS 10.1.1 all received thorough tweaks to their security, further locking down the operating systems for Apple’s smartphones, laptops, TV box and smartwatches from exploitation by cyber criminals and opportunistic hackers.
Apple tightens security
The Cupertino company carried out a veritable smorgasbord of fixes to its security, such as a buffer overflow issues in macOS Sierra and logic bug in watchOS that could cause the wearable to unlock when it is off the user’s wrist.
But the most significant fixes were to a pair of kernel vulnerabilities, identified as CVE-2017-2370 and CVE-2017-2360 in Apple’s security update notes, which fixed bugs that could have allowed a malicious application to execute code with the highest level of kernel privileges.
Code executed at this level can weak havoc if its is malicious, according to security analyst Graham Cluley on Eset’s We Live Security blog.
“Such vulnerabilities potentially, if left unpatched, could be abused by criminal hackers eager to install malware onto targeted devices,” he wrote.
But in luckily for Apple, if somewhat ironic, the vulnerabilities were revealed to it by Google Project Zero security research and bug hunting team.
Cluley applauded Apple relatively speedy response to the security flaws: “Although it would have been better if these software bugs had not been present in the first place, Apple should be applauded for addressing the security holes and helping to make their users safer. A notable rival smartphone operating system has had a much more chequered history when it comes to making security updates available to users.”
Such a smartphone rival could be Android, which is often plagued with various security flaws and exploitations, a symptom of having a rather fragmented user base and an more open approach to mobile software than Apple and its locked down iOS.
Are you a security pro? Try our quiz!