If an attacker were to access Apple’s servers without being detected and obtained cipher texts(encrypted messages sent using iMessage) they could given sufficient time decrypt the attachments of the messages which can be photos or other files providing that either the sender or receiver of that encrypted message is online. Why Should The Critical Cryptographic Flaw Resolved in the Updated Messages App be Considered Important?įrom the information that has been made available on this attack it appears to be a side-channel attack namely one where real world data is gathered in how the cryptosystem works. This vulnerability was assigned the following CVE: CVE-2016-1757 Further discussion of this vulnerability is available here.Īpple Safari 9.1: Resolves 12 CVEs the most critical being present in the libxml2 and WebKit (the renderer of Safari).Īpple OS X Server 5.1: Addresses 4 CVEs the most severe of which could allow information disclosure.Īn alternative summary of these updates is available within Intego’s blog post.
Os x server 5.0.15 update#
The update for OS X 10.11 (El Capitan) also addresses a vulnerability in the System Integrity Protection (SIP) present in the most recent version of the OS.
Os x server 5.0.15 driver#
Noteworthy fixes included are as follows:Īpple iOS 9.3: Resolves 38 CVEs and includes fixes for AppleUSBNetworking, FontParser, HTTPProtocol, iOS kernel ( defined), libxml2, Security, TrueTypeScaler, WebKit (and associated components and Wi-Fi (among others).Īpple watchOS 2.2: Resolves 34 CVEs and includes fixes for DiskImages, FontParser, HTTPProtocol, IOHIDFamily, watchOS kernel, libxml2, Messages, Security, syslog, TrueTypeScaler, WebKit and Wi-Fi.Īpple tvOS 9.2: Addresses 23 CVEs, the most severe present in the following components: DiskImages, FontParser, HTTPProtocol, IOHIDFamily, watchOS kernel, libxml2, Messages, Security, syslog, TrueTypeScaler, WebKit and Wi-Fi.Īpple Xcode 7.3: Resolves 2 critical CVEs.Īpple OS X El Capitan v10.11.4 and Security Update 2016-002: Resolves 59 CVEs the most severe being present in the following: apache_mod_php, AppleRAID ( defined), AppleUSBNetworking, Bluetooth, Carbon, dyld, FontParser, HTTPProtocol, Intel Graphics Driver ( defined), IOGraphics, IOUSBFamily, OS X kernel, libxml2, Messages, Nvidia Graphics Drivers, OpenSSH, OpenSSL, Python, QuickTime, Ruby, Security, Tcl, TrueTypeScaler, Wi-Fi. I will provide more detail on this vulnerability below. These updates resolve the cryptographic flaw in Apple’s iMessage app as reported by Matthew Green and his team of research students known as CVE-2016-1788 ( defined). This issue is also present in watchOS and OS X. Without question the most important update is for iOS bringing it to version 9.3.
Os x server 5.0.15 tv#
Apple tvOS 9.2: For Apple TV (4th generation).