To update on OS X, go to App Store Updates and then install the Security Update 2016-001 (for El Capitan) or 2016-005 (for Yosemite).
Advertisement
A week ago, researchers at mobile security form Lookout and University of Toronto’s Citizen Lab announced the discovery of critical iOS security issues used to hack the iPhones of activists and journalists. The New York Times reported Friday that the NSO Group sells spyware like this to foreign governments for steep fees: Spying on 10 iPhone users costs up to $1.15 million. They discovered that the malware leveraged three unknown zero-days to allow attackers to take full control of the iPhone, allowing what is essentially a remote jailbreak of the device. As it turns out, the same flaws impact Mac OS X, which is now getting patched a week after its mobile sibling. Human rights activists should know that the handset belonged to famous human rights defender, Ahmed Mansoor.
Apple’s desktop operating systems are open to the same zero day vulnerabilities that were fixed in iOS last week. But the underlying architecture of iOS and macOS is similar enough that the flaws also exist in Apple’s computers.
Once inside the kernel, a malicious actor could read a users messages, access their bank details and track their location, among other things.
Advertisement
Nevertheless, Mac users would be well advised to update their computers sooner rather than later. These was patched in iOS last week. Now, it appears the same vulnerabilities can be used on its Safari browser and OS X. “An automatic download, i.e., a push system, would achieve better results [than Apple’s current procedure]”, said Elad Yoran, a former cybersecurity adviser to the Federal Bureau of Investigation and Department of Homeland Security.
