If you’re unaware, there have recently been reports of government involvement in some cases of spyware attacks on the general populous. Apple was prompt to response after the report hit the interwebs. It immediately issued an update for iOS(9.3.5) to patch the certain vulnerabilities.
These spyware attacks, reportedly orchestrated by the govt., were able to exploit three zero-day vulnerabilities to gain kernel access to your iPhone. Called the ‘Trident’, could have resulted into a one-step jailbreak option for the hackers. It would give access to all phone data and communication in the absence of any security patch.
Now Apple believes that the deployed zero-day exploits kind-of also worked against Safari browser and OS X. And this isn’t a surprising discovery because all the pieces of Apple software work from a shared code base to some extent.
Thus, the Cupertino tech giant is now releasing security patches to fix the trio of vulnerabilities on operating system versions El Capitan(v10.11.6) and Yosemite(v10.10.5). There is, however, no information on the effect of these zero-day vulnerabilities on previous versions of the OS — Mavericks or Mountain Lion.
The issues which could disclose the kernel memory and execute arbitrary code using these privileges have now been fixed through improved input sanitization and improved memory handling. This security patch updates are also expected to be baked into the upcoming iteration of the OS x(or the soon to be called macOS) Sierra.
A similar security patch with improved memory handling has also been issued for the Safari browser. This release bumps the release build to #9.1.3. Though Apple took some extra time to investigate and release security patches for the Mac, it now seems that the cyber threat has been put to bed once and for all.
You can grab the security update from the Updates Tab in the Mac App Store. And update immediately to prevent your precious Mac from malicious spyware exploits.