Apple last week released iOS 9.3.5, a security fix for a vulnerability that could give attackers complete control of the iOS device. The Cupertino-based company on Thursday released security patches for OS X El Capitan (v10.11.16) and OS X Yosemite (v10.10.5), in what is believed to be a fix related to the iOS vulnerabilities that were fixed last week. Apple says on its support page that the patches for OS X fix validation and memory corruption issues that would have allowed malware to gain kernel access.
Apple has also issued an update for Safari for OS X, taking it to version 9.1.3. Apple says the fixes for Safari remove the memory corruption issue that could allow the browser to execute a specific type of malware. All three issues were reported by Citizen Lab and Lookout, the same security research firms that reported the iOS vulnerability last week.
The vulnerability has been named Pegasus, and as we mentioned earlier, can allow attackers to gain root-level access to iOS and OS X devices. The attackers can then install any software they want, including monitoring software. Apart from first-party apps, the vulnerability even allowed interception of information from third-party apps.
The vulnerabilities were revealed after a real-world exploit was spotted by a UAE human rights researcher who received an SMS on an iPhone with a link that could have downloaded malware with access to the device’s kernel. It later turned out that the same vulnerability affects OS X as well.