Apple updates OS X and iOS to squash security bugs

Apple has rolled out updates to remedy a load of CVE-listed security vulnerabilities affecting Macs, iPhones and iPads.

The OS X update specifically cites improvements to “stability, compatibility, and security” while also highlighting specific fixes for Mail, Photos, and QuickTime Player apps.

The update includes fixes for problems that could enable attackers to run code remotely on Apple products. The 10.10.5 update for Yosemite users fixes an issue that allowed hackers unlimited root privileges. The so-called DYLD_PRINT_TO_FILE privilege escalation vulnerability could allow malware to gain root access to a Mac. 

The QuickTime bug fixed was one that enabled a hacker to use a “specifically formatted .MOV file can cause QuickTime to terminate unexpectedly, creating a local denial of service condition”. The problem was discovered by Ryan Pentney and Richard Johnson of Cisco's Talos security unit.

The iPhone as well as iPad and iPod also got a number of updates. Among them is a fix (CVE-2015-5746) for one which could allow hackers to use a maliciously crafted afc command to access protected parts of the filesystem. The updates also fix a number of ways the operating system can be jailbroken.

Apple has also released Security Update 2015-006 for Mavericks and Mountain Lion users, as well as Safari 8.0.8 for Yosemite, 7.1.8 for Mavericks, and 6.2.8 for Mountain Lion.

The update to Yosemite could well be the last one before OS X El Capitan is released this autumn.

The updates can be downloaded through the Update tab in the Mac App Store. Standalone installers are also available on Apple's download page.