![\"Apple](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/10\/apple-software-security-updates.jpg\")
<\/p>\n<\/p>\n
<\/p>\n
Today, Apple released software updates with security fixes for just about all of its products: macOS, iOS, watchOS, tvOS and Safari. Apple’s\u00a0security updates are available for all Apple Watch models, iPhone 5 and later, iPad (4th generation and later), iPod touch (6th generation and later), Apple TV (4th generation), OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.<\/p>\n
One of the best things you can do to secure your computer is to keep your software up to date, because software vulnerabilities\u00a0tend to be the easiest point of entry for hackers to circumvent\u00a0your defenses. For this reason alone, it’s imperative to update the software on your Mac, your iOS devices, Apple TV and on your Apple Watch. Below is a list of issues addressed in Apple’s latest security updates, along with\u00a0directions on where to obtain the updates.<\/p>\n
Listed as an update that improves stability, compatibility and security it addresses the following:<\/p>\n
There are also 16 security fixes included. Most notable are patches to security where a local attacker may have been able to observe the length of a login password upon login,\u00a0the CoreGraphics and ImageIO where viewing or parsing a maliciously crafted JPEG or PDF file may have lead to arbitrary code execution. FontParser also received a patch to prevent the disclosure of sensitive user information if a maliciously crafted font was parsed. FaceTime also received a patch to prevent an attacker in a privileged network position to cause a relayed call to continue transmitting audio while appearing as if the call terminated. The Safari 10.0.1 update is wrapped into this Sierra update as well.\u00a0The full list of security fixes can be seen below or by visiting the Apple website<\/a>.<\/p>\nClick here to see the full list of macOS Sierra 10.12.1 security fixes<\/span> Released October 24, 2016<\/span><\/p>\n AppleGraphicsControl<\/strong><\/p>\n Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6<\/p>\n Impact: An application may be able to execute arbitrary code with kernel privileges<\/p>\n Description: A memory corruption issue was addressed through improved lock state checking.<\/p>\n CVE-2016-4662: Apple<\/p>\n AppleSMC<\/strong><\/p>\n Available for: macOS Sierra 10.12<\/p>\n Impact: A local user may be able to elevate privileges<\/p>\n Description: A null pointer dereference was addressed through improved locking.<\/p>\n CVE-2016-4678: daybreaker@Minionz working with Trend Micro’s Zero Day Initiative<\/p>\n ATS<\/strong><\/p>\n Available for: macOS Sierra 10.12<\/p>\n Impact: Processing a maliciously crafted font file may lead to arbitrary code execution<\/p>\n Description: A memory corruption issue was addressed through improved memory handling.<\/p>\n CVE-2016-4667: Simmon Huang of alipay, Thelongestusernameofall@gmail.com, Moony Li of Trend Micro, @Flyic<\/p>\n ATS<\/strong><\/p>\n Available for: macOS Sierra 10.12<\/p>\n Impact: A local user may be able to execute arbitrary code with additional privileges<\/p>\n Description: A memory corruption issue was addressed through improved memory handling.<\/p>\n CVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team<\/p>\n CFNetwork Proxies<\/strong><\/p>\n Available for:\u00a0macOS Sierra 10.12<\/p>\n Impact: An attacker in a privileged network position may be able to leak sensitive user information<\/p>\n Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts.<\/p>\n CVE-2016-7579: Jerry Decime<\/p>\n CoreGraphics<\/strong><\/p>\n Available for: macOS Sierra 10.12<\/p>\n Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution<\/p>\n Description: A memory corruption issue was addressed through improved memory handling.<\/p>\n CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent<\/p>\n FaceTime<\/strong><\/p>\n Available for: macOS Sierra 10.12<\/p>\n Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated<\/p>\n Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.<\/p>\n CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com<\/p>\n FontParser<\/strong><\/p>\n Available for: macOS Sierra 10.12<\/p>\n Impact: Parsing a maliciously crafted font may disclose sensitive user information<\/p>\n Description: An out-of-bounds read was addressed through improved bounds checking.<\/p>\n CVE-2016-4660: Ke Liu of Tencent’s Xuanwu Lab<\/p>\n ImageIO<\/strong><\/p>\n Available for: OS X El Capitan v10.11.6<\/p>\n Impact: Parsing a maliciously crafted PDF may lead to arbitrary code execution<\/p>\n Description: An out-of-bounds write was addressed through improved bounds checking.<\/p>\n CVE-2016-4671: Ke Liu of Tencent’s Xuanwu Lab, Juwei Lin (@fuzzerDOTcn)<\/p>\n ImageIO<\/strong><\/p>\n Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6<\/p>\n Impact: Processing a maliciously crafted image may result in the disclosure of process memory<\/p>\n Description: An out-of-bounds read issue existed in the SGI image parsing. This issue was addressed through improved bounds checking.<\/p>\n CVE-2016-4682: Ke Liu of Tencent’s Xuanwu Lab<\/p>\n libarchive<\/strong><\/p>\n Available for: macOS Sierra 10.12<\/p>\n Impact: A malicious archive may be able to overwrite arbitrary files<\/p>\n Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.<\/p>\n CVE-2016-4679: Omer Medan of enSilo Ltd<\/p>\n libxpc<\/strong><\/p>\n Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12<\/p>\n Impact: An application may be able to execute arbitrary code with root privileges<\/p>\n Description: A logic issue was addressed through additional restrictions.<\/p>\n CVE-2016-4675: Ian Beer of Google Project Zero<\/p>\n ntfs<\/strong><\/p>\n Available for: macOS Sierra 10.12<\/p>\n Impact: An application may be able to cause a denial of service<\/p>\n Description: An issue existed in the parsing of disk images. This issue was addressed through improved validation.<\/p>\n CVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office for Information Security)<\/p>\n NVIDIA Graphics Drivers<\/strong><\/p>\n Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6<\/p>\n Impact: An application may be able to cause a denial of service<\/p>\n Description: A memory corruption issue was addressed through improved input validation.<\/p>\n CVE-2016-4663: Apple<\/p>\n Security<\/strong><\/p>\n Available for:\u00a0macOS Sierra 10.12<\/p>\n Impact: A local attacker can observe the length of a login password when a user logs in<\/p>\n Description: A logging issue existed in the handling of passwords. This issue was addressed by removing password length logging.<\/p>\n CVE-2016-4670: an anonymous researcher<\/p>\n System Boot<\/strong><\/p>\n Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12<\/p>\n Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel<\/p>\n Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation.<\/p>\n CVE-2016-4669: Ian Beer of Google Project Zero<\/p>\n<\/div>\n The update can be downloaded by going to the App Store <\/strong>> Updates <\/strong>tab.<\/p>\n Note that Security Update 2016-002 10.11.6<\/a> was also released today for El Capitan users and Security Update 2016-006 10.10.5<\/a> for Yosemite users. The list of vulnerabilities these updates addressed have been listed on the Sierra 10.12.1 security content page<\/a>.<\/p>\n These Security Updates can be downloaded through the download links above or the App Store via the Updates tab.<\/p>\n Listed as an update that\u00a0includes Portrait Camera for iPhone 7 Plus (beta), transit directions for Japan, stability improvements and bug fixes. The list of improvements is lengthy and can be read here<\/a>. As for security related fixes, there were a total of 13. Most of the same issues that were found in macOS were addressed in iOS as well, including the Security, CoreGraphics, ImageIO and FontParser vulnerabilities. For iOS specifically, two Sandbox Profiles vulnerabilities were addressed to prevent an application from being able to retrieve metadata of photo directories and audio recording directories.\u00a0The full list of security fixes can be seen below or by visiting\u00a0the Apple website<\/a>.<\/p>\nClick here to see the full list of iOS 10.1 security fixes<\/span> Released October 24, 2016<\/span><\/p>\n CFNetwork Proxies<\/strong><\/p>\n Available for:\u00a0iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later<\/p>\n Impact: An attacker in a privileged network position may be able to leak sensitive user information<\/p>\n Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts.<\/p>\n CVE-2016-7579: Jerry Decime<\/p>\n Contacts<\/strong><\/p>\n Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later<\/p>\n Impact: An application may be able to maintain access to the Address Book after access is revoked in Settings<\/p>\n Description: An access control issue in the Address Book was addressed through improved file-link validation.<\/p>\n CVE-2016-4686: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)<\/p>\n CoreGraphics<\/strong><\/p>\n Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later<\/p>\n Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution<\/p>\n Description: A memory corruption issue was addressed through improved memory handling.<\/p>\n CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent<\/p>\n FaceTime<\/strong><\/p>\n Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later<\/p>\n Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated<\/p>\n Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.<\/p>\n CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com<\/p>\n FontParser<\/strong><\/p>\n Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later<\/p>\n Impact: Parsing a maliciously crafted font may disclose sensitive user information<\/p>\n Description: An out-of-bounds read was addressed through improved bounds checking.<\/p>\n CVE-2016-4660: Ke Liu of Tencent’s Xuanwu Lab<\/p>\n Kernel<\/strong><\/p>\n Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later<\/p>\n Impact: An application may be able to disclose kernel memory<\/p>\n Description: A validation issue was addressed through improved input sanitization.<\/p>\n CVE-2016-4680: Max Bazaliy of Lookout and in7egral<\/p>\n libarchive<\/strong><\/p>\n Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later<\/p>\n Impact: A malicious archive may be able to overwrite arbitrary files<\/p>\n Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.<\/p>\n CVE-2016-4679: Omer Medan of enSilo Ltd<\/p>\n libxpc<\/strong><\/p>\n Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later<\/p>\n Impact: An application may be able to execute arbitrary code with root privileges<\/p>\n Description: A logic issue was addressed through additional restrictions.<\/p>\n CVE-2016-4675: Ian Beer of Google Project Zero<\/p>\n Sandbox Profiles<\/strong><\/p>\n Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later<\/p>\n Impact: An application may be able to retrieve metadata of photo directories<\/p>\n Description: An access issue was addressed through additional sandbox restrictions on third party applications.<\/p>\n CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)<\/p>\n Sandbox Profiles<\/strong><\/p>\n Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later<\/p>\n Impact: An application may be able to retrieve metadata of audio recording directories<\/p>\n Description: An access issue was addressed through additional sandbox restrictions on third party applications.<\/p>\n CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)<\/p>\n Security<\/strong><\/p>\n Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later<\/p>\n Impact: A local attacker can observe the length of a login password when a user logs in<\/p>\n Description: A logging issue existed in the handling of passwords. This issue was addressed by removing password length logging.<\/p>\n CVE-2016-4670: an anonymous researcher<\/p>\n System Boot<\/strong><\/p>\n Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later<\/p>\n Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel<\/p>\n Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation.<\/p>\n CVE-2016-4669: Ian Beer of Google Project Zero<\/p>\n WebKit<\/strong><\/p>\n Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later<\/p>\n Impact: Processing maliciously crafted web content may lead to arbitrary code execution<\/p>\n Description: Multiple memory corruption issues were addressed through improved memory handling.<\/p>\n CVE-2016-4677:\u00a0Anonymous working with Trend Micro Zero Day Initiative<\/p>\n<\/div>\n<\/article>\n<\/section>\n The update can be downloaded over the air by going to Settings <\/strong>> General <\/strong>> Software Update.\u00a0<\/strong>You can also connect your iOS device to your Mac and let iTunes do the update for you.<\/p>\n A combined 10 security issues were addressed in tvOS 10.0.1, mostly the same as those addressed in iOS. The full list of security fixes can be seen below or by visiting\u00a0the Apple website<\/a>.<\/p>\ntrigger textClick here to see the full list of tvOS 10.0.1 security fixes<\/span> Released October 24, 2016<\/span><\/p>\n CFNetwork Proxies<\/strong><\/p>\n Available for:\u00a0Apple TV (4th generation)<\/p>\n Impact: An attacker in a privileged network position may be able to leak sensitive user information<\/p>\n Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts.<\/p>\n CVE-2016-7579: Jerry Decime<\/p>\n CoreGraphics<\/strong><\/p>\n Available for: Apple TV (4th generation)<\/p>\n Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution<\/p>\n Description: A memory corruption issue was addressed through improved memory handling.<\/p>\n CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent<\/p>\n FontParser<\/strong><\/p>\n Available for: Apple TV (4th generation)<\/p>\n Impact: Parsing a maliciously crafted font may disclose sensitive user information<\/p>\n Description: An out-of-bounds read was addressed through improved bounds checking.<\/p>\n CVE-2016-4660: Ke Liu of Tencent’s Xuanwu Lab<\/p>\n Kernel<\/strong><\/p>\n Available for: Apple TV (4th generation)<\/p>\n Impact: An application may be able to disclose kernel memory<\/p>\n Description: A validation issue was addressed through improved input sanitization.<\/p>\n CVE-2016-4680: Max Bazaliy of Lookout and in7egral<\/p>\n libarchive<\/strong><\/p>\n Available for: Apple TV (4th generation)<\/p>\n Impact: A malicious archive may be able to overwrite arbitrary files<\/p>\n Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.<\/p>\n CVE-2016-4679: Omer Medan of enSilo Ltd<\/p>\n libxpc<\/strong><\/p>\n Available for: Apple TV (4th generation)<\/p>\n Impact: An application may be able to execute arbitrary code with root privileges<\/p>\n Description: A logic issue was addressed through additional restrictions.<\/p>\n CVE-2016-4675: Ian Beer of Google Project Zero<\/p>\n Sandbox Profiles<\/strong><\/p>\n Available for: Apple TV (4th generation)<\/p>\n Impact: An application may be able to retrieve metadata of photo directories<\/p>\n Description: An access issue was addressed through additional sandbox restrictions on third party applications.<\/p>\n CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)<\/p>\n Sandbox Profiles<\/strong><\/p>\n Available for: Apple TV (4th generation)<\/p>\n Impact: An application may be able to retrieve metadata of audio recording directories<\/p>\n Description: An access issue was addressed through additional sandbox restrictions on third party applications.<\/p>\n CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)<\/p>\n System Boot<\/strong><\/p>\n Available for: Apple TV (4th generation)<\/p>\n Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel<\/p>\n Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation.<\/p>\n CVE-2016-4669: Ian Beer of Google Project Zero<\/p>\n WebKit<\/strong><\/p>\n Available for: Apple TV (4th generation)<\/p>\n Impact: Processing maliciously crafted web content may lead to arbitrary code execution<\/p>\n Description: Multiple memory corruption issues were addressed through improved memory handling.<\/p>\n CVE-2016-4677:\u00a0Anonymous working with Trend Micro’s Zero Day Initiative<\/p>\n<\/div>\n The update can be downloaded directly from the Apple TV by going to Settings<\/strong> > System<\/strong> > Update Software<\/strong>.<\/p>\n Listed as an update that includes improvements and bug fixes.<\/p>\n The update also includes 8 security fixes, which are the same as those addressed in iOS 10.1.\u00a0The full list of security fixes can be seen below or by visiting\u00a0the Apple website<\/a>.<\/p>\nClick here to see the full list of watchOS 3.1 security fixes<\/span> Released October 24, 2016<\/span><\/p>\n CoreGraphics<\/strong><\/p>\n Available for: All Apple Watch models<\/p>\n Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution<\/p>\n Description: A memory corruption issue was addressed through improved memory handling.<\/p>\n CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent<\/p>\n FontParser<\/strong><\/p>\n Available for: All Apple Watch models<\/p>\n Impact: Parsing a maliciously crafted font may disclose sensitive user information<\/p>\n Description: An out-of-bounds read was addressed through improved bounds checking.<\/p>\n CVE-2016-4660: Ke Liu of Tencent’s Xuanwu Lab<\/p>\n Kernel<\/strong><\/p>\n Available for: All Apple Watch models<\/p>\n Impact: An application may be able to disclose kernel memory<\/p>\n Description: A validation issue was addressed through improved input sanitization.<\/p>\n CVE-2016-4680: Max Bazaliy of Lookout and in7egral<\/p>\n libarchive<\/strong><\/p>\n Available for: All Apple Watch models<\/p>\n Impact: A malicious archive may be able to overwrite arbitrary files<\/p>\n Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.<\/p>\n CVE-2016-4679: Omer Medan of enSilo Ltd<\/p>\n libxpc<\/strong><\/p>\n Available for: All Apple Watch models<\/p>\n Impact: An application may be able to execute arbitrary code with root privileges<\/p>\n Description: A logic issue was addressed through additional restrictions.<\/p>\n CVE-2016-4675: Ian Beer of Google Project Zero<\/p>\n Sandbox Profiles<\/strong><\/p>\n Available for: All Apple Watch models<\/p>\n Impact: An application may be able to retrieve metadata of photo directories<\/p>\n Description: An access issue was addressed through additional sandbox restrictions on third party applications.<\/p>\n CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)<\/p>\n Sandbox Profiles<\/strong><\/p>\n Available for: All Apple Watch models<\/p>\n Impact: An application may be able to retrieve metadata of audio recording directories<\/p>\n Description: An access issue was addressed through additional sandbox restrictions on third party applications.<\/p>\n CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)<\/p>\n System Boot<\/strong><\/p>\n Available for: All Apple Watch models<\/p>\n Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel<\/p>\n Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation.<\/p>\n CVE-2016-4669: Ian Beer of Google Project Zero<\/p>\n<\/div>\n The update can be installed\u00a0by connecting the watch to its charger then on the iPhone open the Apple Watch app<\/strong> > My Watch tab<\/strong> > General<\/strong> > Software Update<\/strong>.<\/p>\n Available for OS X Yosemite 10.10.5, OS X El Capitan 10.11.6 and macOS Sierra 10.12 and fixes 3 WebKit vulnerabilities. Those 3 vulnerabilities were enough for Apple to push out this update as they address arbitrary code execution and the disclosure of sensitive user information if a maliciously crafted website is visited.\u00a0The full details\u00a0of the security fixes can be seen below or by visiting\u00a0the Apple website<\/a>.<\/p>\nClick here to see the full list of Safari 10.0.1 security fixes<\/span> Released October 24, 2016<\/span><\/p>\n WebKit<\/strong><\/p>\n Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12<\/p>\n Impact: Processing maliciously crafted web content may lead to arbitrary code execution<\/p>\n Description: Multiple memory corruption issues were addressed through improved memory handling.<\/p>\n CVE-2016-4666: Apple<\/p>\n WebKit<\/strong><\/p>\n Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12<\/p>\n Impact: Processing maliciously crafted web content may lead to the disclosure of sensitive user information<\/p>\n Description: A cross-origin issue existed with location attributes. This was addressed through improved tracking of location attributes across origins.<\/p>\n CVE-2016-4676: Apple<\/p>\n WebKit<\/strong><\/p>\n Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12<\/p>\n Impact: Processing maliciously crafted web content may lead to arbitrary code execution<\/p>\n Description: Multiple memory corruption issues were addressed through improved memory handling.<\/p>\n CVE-2016-4677:\u00a0Anonymous working with Trend Micro’s Zero Day Initiative<\/p>\n<\/div>\n The update can be downloaded by going to the\u00a0App Store\u00a0<\/strong>>\u00a0Updates\u00a0<\/strong>tab.\u00a0It will be visible for Yosemite and El Capitan users as an available update, but if current Sierra users want it they will have to install the before mentioned 10.12.1 update which has the Safari security fixes built in.<\/p>\n Before installing any updates, we recommend\u00a0that you\u00a0backup your data and just in case something falls afoul during the update process.<\/p>\n","protected":false},"excerpt":{"rendered":" Today, Apple released software updates with security fixes for just about all of its products: macOS, iOS, watchOS, tvOS and Safari. Apple’s\u00a0security updates are available for all Apple Watch models, iPhone 5 and later, iPad (4th generation and later), iPod touch (6th generation and later), Apple TV (4th generation), OS X Yosemite 10.10.5, OS […]<\/p>\n","protected":false},"author":79,"featured_media":58906,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[5],"tags":[3160,3157,3169,3163,3166],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\t\n\t\n\t\n\nmacOS Sierra 10.12.1<\/h2>\n
iOS 10.1<\/h3>\n
\niOS 10.1<\/h2>\n
tvOS 10.0.1<\/h3>\n
\ntvOS 10.0.1<\/h2>\n
watchOS 3.1<\/h3>\n
\n
\nwatchOS 3.1<\/h2>\n
Safari 10.0.1<\/h3>\n
\nSafari 10.0.1<\/h2>\n