We recently shared a story concerning the release of iOS 10.3.3 and the critical Wi-Fi vulnerabilities it corrected within the Broadcom chips used in many iPhones. That update, released July 19th, also accompanied updates for many other Apple products, including macOS Sierra, tvOS, and Safari. The “Broadpwn” bug corrected in the latest version of iOS was also fixed in many of these updates as well. Users who apply these updates are no longer at risk from malicious Wi-Fi networks that can use Broadpwn to take over devices. However, these patches do far more than correct this one serious potential exploit. In total, Apple issued updates to fix more than 200 issues in total.
One of other issues Apple addressed could have allowed certain sites to lie to you about websites you visit in Safari. An address spoofing exploit in the browser would let attackers create web pages that looked legitimate in your address bar — even when you’re on a different page altogether. Such an exploit could serve as an attack vector for deploying malware or to phish information from unsuspecting users.
macOS Sierra received a fresh round of updates as well, including vital patches to the system kernel to close loopholes that could have allowed malware to gain a foothold. Apple fixed many recently uncovered issues concerning the way the system and its applications handle memory. These changes are wide-reaching; some, for example, prevent software from accessing some “off limits” areas of the memory. The Apple Watch’s systems also received an update that will close some security loopholes and prevent problems caused by malicious applications.
After going the entire month of June without any security updates, Apple made up for lost time with the size and scope of this most recent round. As always, we encourage you to apply these updates as soon as possible. Not only are they vital to protect you from the Broadpwn exploit, but they provide essential protection from many other wide-ranging issues, too.