Apple Releases Security Updates for OS X El Capitan, Yosemite, and Safari
Apple released a trio of security updates on Thursday to patch vulnerabilities in their desktop operating systems and web browser. Users running OS X El Capitan should download Security Update 2016-001, while those still using OS X Yosemite will need Security Update 2016-005.
As MacRumors noted in their report on the updates, it is not customary for Apple to release standalone security updates for OS X. Instead, security updates tend to be bundled in with more overarching version updates. MacRumors theorized that the distribution of these two standalone updates could be a sign that Apple doesn’t plan to release any new versions of either El Capitan or Yosemite before the arrival of the new macOS operating system in the fall.
However, Apple may have also just decided to release these particular security updates as standalones due to the potential severity of the vulnerabilities at hand. Reading through the security document from Apple that discusses the content of the updates, it’s tough to get a grasp of just how urgent these updates are. According to The Telegraph, though, the security updates patch a series of vulnerabilities that allow hackers to turn Mac computers “into spying tools.”
If that vulnerability sounds familiar, it’s because it is. The security vulnerabilities that Apple is patching for OS X this week are the same ones that they patched for iOS last week. The iOS update concerned a trio of different vulnerabilities—dubbed the Trident—that hackers could use to switch on an iPhone’s camera and microphone and spy on the user. Security research firms Lookout and Citizen Lab discovered the vulnerabilities after the government of the United Arab Emirates tried to use them against Ahmed Mansoor, a human rights activist.
The Telegraph report says that, since Apple reuses a lot of the same code across their different software projects, the Trident vulnerabilities were also present in OS X Yosemite and OS X El Capitan. The latest security updates patch those vulnerabilities and prevent hackers from taking control of a Mac computer and using it for spying purposes. Users should update their operating systems as soon as possible to avoid such breaches of privacy.
The update to Safari (Safari 9.1.3) also addresses the Trident vulnerabilities. Since hackers can attack Safari users by employing a “maliciously crafted website,” it is important to install the update for Safari even if you have already updated OS X.