Naked Security

Apple closes a raft of “drive-by download” holes in OS X and iOS

Drive-by downloads mean that you could get owned even when you are Just Visiting... Apple users - don't let that happen to you!

If you’re one of those people who waits for the first update to an update before you install it…

…and you’re also an OS X or an iOS user, then your number’s just been called.

In a flurry of Security Advisories published this week [2015-10-21] by Apple, the following security-oriented updates were announced:

  • OS X El Capitan 10.11.1
  • iOS 9.1
  • watchOS 2.0.1
  • OS X Server 5.0.15

Additionally, iTunes goes to 12.3.1; Safari goes to 9.0.1; and, for programmers, Xcode goes to 7.1.

Interestingly, the iTunes security advisory applies only to Windows – on the Mac, it seems, it’s funky new features only.

Pre-Capitan versions of OS X get their own security fixes in Update 2015-007 and Mac EFI Security Update 2015-002.

As usual, head over to the App Store for the fixes: Apple Menu | App Store... | Updates.

Or, if you’re like me, you may want to get the OS X El Capitan point release as a disk image, just in case you need to reinstall the base operating system, or if, unlike me, you have a whole stash of Macs and don’t want each one of them to have to fetch the update from the App Store.

Bandwidth planner: iOS 9.1 will cost you about 0.3GB and OS X 10.11.1 about 1.1GB. Xcode 7.1, despite being a point release, is an “all-over-again” download, at just a shade over 2GB.

The security patches include a large number of remote code execution (RCE) holes that could, in theory, be triggered by booby-trapped objects of numerous sorts, including:

  • Web pages
  • Audio files
  • Fonts
  • Disk images
  • Package (.pkg) files
  • Images
  • AppleScripts

Once again, well done to Apple for pushing out fixes quickly, given that it’s less than a month since El Capitan came out, and just over a month since iOS 9 hit the airwaves.

And to all those Apple fans who live by the rule, “If malware hits your Mac, you’ll always see a prompt or some kind of warning first…”

…the whole problem with an RCE attack caused by booby-trapped content is that just looking at a file, or opening a file that contains embedded data such as a font or an image, is usually enough to give control to the crooks.

It’s called a drive-by install or a drive-by download for obvious reasons: you think you are safely “Just Visiting,” as the Monopoly board puts it, but the crooks end up owning you!

Monopoly board JUST VISITING image by txking, courtesy of Shutterstock.

7 Comments

Thank you for the link to the disk image of El Capitan. I wish Apple would provide it in the first place, which would have saved me downloading it again for a second Mac.

Reply

Unfortunately El Capitan lost all my “On my Mac” Apple Mail folders and the account log-in details for my five email accounts. I was able to re-create some of them, but most folders would not repopulate with stored emails. I ended up having to download some 300,000 emails again, which used some 20 Gb of my 50 Gb monthly allowance.
The 10.11.1 upgrade was intended to correct the faulty Mail application on 10.11.0, but I found it lost all my “on my Mac” folders again, and this time none of my re-created folders will repopulate with emails. It looks like I shall have to download them yet again. Also it has duplicated some of my email addresses in the Inbox with extra empty folders, and when I visit Accounts or Preferences to delete the unwanted folders they appear in a different order, so I’m scared that I might delete the wrong ones!
I wish I’d stuck to Yosemite!

Reply

Odd; I found it re-worked some of my IMAP links and I had to force rebuild mail.app, but it didn’t actually lose the data; just the index. I guess I’ll do the same thing for 10.11.1.

That said, the first thing I did when my mail.app folder looked suspiciously empty in 11.0 was restore from backup… which had the exact same problem. Second thing I did was a spotlight search for one of the messages it had “eaten” — which popped up the message in a new window.

At that point I knew it was just the Mail.app index DB that was broken, and all my email was still on disk. To fix this problem, select the Mailbox menu, and select Rebuild. If Rebuild is greyed out, close any open compose windows and select the default inbox in your main window and try again.

That also fixes the empty folders, which are yet another symptom of a corrupted DB file.

Reply

Your provided link to El Capitan disk image appears to be re-routed to EFI Security Update provided elsewhere; just a bad link, or is Apple hiding location of this file??

Reply

The man’s right – and for the ‘n’ times one needs it when the installation fails (feel the pain – and wasted hours!) – so can we have the correct one please, as we cannot find it amongst the closed loops of the Apple support website.

Reply

Fixed.

(Put “Capitan 10.11.1” into your search engine and the DL1845 link should come out at or near the top. It’s easy enough to track ’em down.)

Reply
