Apple has just released a security update for all of its products. The critical update comes up against dozens of CVE security vulnerabilities in iOS, OS X Yosemite, Safari, and OS X Server.
The update includes patches for security blanks that an attacker could exploit to perform remote code.
For newer devices using iOS, Apple released iOS 8.4.1. The patch can be applied to the iPhone 4S and to the newest, the iPod Touch 5 generation and the newest, and the iPad 2 and the newer ones.
Among the fixes are patches for four iOS vulnerabilities that were discovered and used by jailbreak Team TaiG, a team famous for discovering ways to unlock iOS devices. These vulnerabilities allowed unsigned (and potentially unsafe) code to run on iOS.
Apple repaired 26 CVE vulnerabilities that allowed remote code execution on iOS WebKit and two other flaws in Safari.
Other fixes that come with the iOS update are a CloudKit flaw that allows malicious applications to obtain user data from iCloud, ImageIO vulnerability that can be caused by viewing .tiff files, and a flaw in UIKit WebView that will could allow applications to make FaceTime calls without permission.
Those running OS X should also update their machines immediately if they run with Yosemite and Mavericks. The 10.10.5 OS X version of Yosemite and 2015-006 Security Update include fixes to WebKit and Safari, as well as updates vulnerabilities in Apache, Bluetooth, Kernel, and QuickTime 7.
There is an update to Apple Safari for OS X Mavericks and Mountain Lion. The patch for the program browsing included with the Yosemite update, but not in the 2015-006 package. The update, referred to as Safari 8.0.8, 7.1.8, 6.2.8, includes fixes to 26 WebKit CVEs, as well as a flaw that allows spoofing viaconnections in Safari.
Finally, Apple released an update for OS X Server.
