Today Apple has released new versions of its MacOS and iOS mobile operating systems which come with a large number of security patches.
A huge total of 70 vulnerabilities are patched by Apple in iOS 10.3. Out of these, 18 have the capacity to lead to an arbitrary code execution, in most cases using a maliciously crafted image and font files.
A flaw in Webkit rendering engine – CVE-2017-2378 – can be exploited by drag and dropping a malicious link, and can lead to bookmark spoofing or an arbitrary code execution.
The Webkit received a total of 19 patches against different vulnerabilities in iOS 10.3, these include including data exfiltration, memory contents leakage and corruption, and universal cross-site scripting.
Apple has also added a new pre-emptive security measures in the iOS 10.3. Users who want to change their iCloud passwords in systems settings control panel and then set up two-factor authentication can find it easier to do, as password and security section has been moved up in the menu hierarchy.
The latest iOS 10.3 now shows that all devices which are associated with the Apple ID users are signed in using, including Watch and Macs, and Windows devices running on Apple software like the iTunes.
This new section provides an easy access to Find My iPhone for the tracking devices, and if they are stolen or lost, to erase them. Other information such as credit cards, serial numbers, associated with devices and further identifiers are also now grouped under passwords and security.
Apple’s desktop and laptop OS, MacOS Sierra, received a whopping 127 security patches with version 10.12.4, also released today.
Many of the vulnerability fixes are shared with iOS 10.3, but MacOS gets a range of patches fixing open source components such as the Apache web server, TCP dump low-level network tool, Python scripting language, OpenSSL crypto library, and the OpenSSH remote access utility.