Apple has released security patches for as many as 47 security flaws in iOS, macOS, and watchOS devices.
Apple’s WebKit browser engine for iOS and Safari contained as many as 23 security flaws that made it vulnerable to remote code execution.
Remote code execution using a malicious web page may allow hackers to infiltrate a device and take control of it. Apple disclosed as many as 16 vulnerabilities in WebKit that could allow remote code execution, one of which was reported by the UK’s National Cyber Security Centre.
According to Apple, the new security patches will not only prevent memory corruption but will also enhance memory handling. They will also prevent hackers from spoofing address bars to get users to click on malicious links.
With the new iOS 10.3.3 upgrade, Apple has also fixed other issues, such as disclosure of user information through a maliciously crafted XML document, arbitrary code execution using a maliciously crafted archive, unexpected termination of the Messages app by a remote attacker, notifications appearing on the lock screen even when disabled, and cross-origin exfiltration of data by malicious websites.
A number of the vulnerabilities that Apple has now patched were reported by Google’s Project Zero team, Japanese security firm Trend Micro, Baidu Security Lab and Tencent’s Xuanwu Lab. Apple also encourages bug hunters by launching its highly publicised bug bounty programmes, offering up to £150,000 to bug catchers.
Aside from receiving timely security fixes, Apple’s business customers now have an added benefit. Last month, Apple and Cisco announced that businesses that use products from both companies will get discounts on cyber security insurance premiums.
Cisco will also release the new Cisco Security Connector app for iPhone and iPad later this year. The app will, Cisco says, ‘deliver the deepest visibility, control, and privacy for iOS devices’ and will offer businesses the best protection no matter where they are located.