Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Apple Releases Updates for iOS, WatchOS, OS X, Safari and iTunes. - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple Releases Updates for iOS, WatchOS, OS X, Safari and iTunes.

Apple published one of it's usual updates for "everything". Below I took a shot at a quick summary. You can find details here

iOS 9.1

49 Vulnerabilities fixed. A number of these affect WebKit and are exploitable via Safari. The update also addresses numerous issues in the FontParser. 

WatchOS 2.0.1

14 Vulnerabilities fixed. CVE-2015-5916 looks like a repeat of what was fixed in WatchOS 2: ApplePay may allow malicious terminals to retrieve a partial transaction history.

Safari 9.0.1

9 Vulnerabilities in WebKit fixed (pretty much the same vulnerabilities fixed in iOS 9.0.1)

iTunes 12.3.1

12 Vulnerabilities fixed, 9 of which affect WebKit which is included in iTunes.


EFI contained unused functions that could be abused. This update removes these unused functions.

Apple OS X 10.11.1

41 Vulnerabilities fixed. Again WebKit and some Fontparser vulnerabilities. This update also addresses issues with open source software included in OS X like php. The Safari 9.0.1 update is included in this update.

I didn't see an update for AppleTV yet, but wouldn't be surprised if it will be released as well. At least the WebKit issues will also affect AppleTV.

Johannes B. Ullrich, Ph.D.

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANSFIRE 2022


4511 Posts
ISC Handler
Oct 21st 2015

Sign Up for Free or Log In to start participating in the conversation!