New OS X & Safari updates patch security exploit that allowed remote infiltration

Last week, Apple issued a surprise security fix for iOS that patched a vulnerability that allowed attackers to remotely gain control of a user’s device if the user simply clicked a link. Now, Apple has issued the same security patch for users of OS X 10.11.6 El Capitan and 10.10.5 Yosemite.

The vulnerability has been named “Pegasus” and takes advantage of zero-day vulnerabilities to remotely jailbreak a user’s device and install monitoring software on it, obviously without the user’s knowledge. Part of the exploit takes advantage of a memory corruption flaw in Safari WebKit that allows hackers to initiate the process of taking over the operating system.

One of the nastiest aspects of this vulnerability is that it allows the attacker to intercept information from a variety of third-party apps and services, including Gmail, Facebook, Skype, WeChat, and more. These are, of course, in addition to first-party services like iMessage and FaceTime.

Last week, iOS 9.3.5 patched the same exploit. At the time, The New York Times described the exploit as an effort “to spy on dissidents and journalists.” Because the mobile and desktop versions of Safari share similar code, the exploit was essentially cross-platform.

Apple writes the following about the Safari 9.1.3 WebKit update on its support website:

WebKit

  • Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6
  • Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
  • Description: A memory corruption issue was addressed through improved memory handling.
  • CVE-2016-4654: Citizen Lab and Lookout

Kernel

  • Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
  • Impact: An application may be able to disclose kernel memory
  • Description: A validation issue was addressed through improved input sanitization.
  • CVE-2016-4655: Citizen Lab and Lookout

Kernel

  • Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: A memory corruption issue was addressed through improved memory handling.
  • CVE-2016-4656: Citizen Lab and Lookout

Needless to say, this flaw shouldn’t be taken lightly and all OS X users should update immediately.


Author

Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.
