Apple Patches "Trident" Vulnerabilities in OS X / Safari
Last Updated: 2016-09-02 11:33:23 UTC
by Johannes Ullrich (Version: 1)
About a week ago, Apple patched three vulnerabilities in iOS that had been used in a targeted exploit. This set of vulnerabilities, also known as "Trident," affected WebKit and the iOS kernel. Given the substantial code overlap between iOS and OS X, and in particular the fact that one of the vulnerabilities affected WebKit, it is no surprise that OS X and Safari are vulnerable as well.
Yesterday, Apple released a patch of OS X and Safari to address these issues.
The OS X update, which is only available for El Capitan and Yosemite, fixes the two kernel vulnerabilities. The Safari update which is available for OS X Mavericks and Yosemite (not the latest version, El Capitan), fixes the WebKit vulnerability.
I recommend patching these quickly given that the same vulnerabilities have already been exploited for iOS.
I guess Apple would need be challenged to create the scanner for iOS as they're the ones with the permissions to do so on non-jailbroken devices. As we would like to think they are..
Sep 4th 2016
6 years ago