Microsoft reflexively releases patches for its product one Tuesday of every month to much fanfare. Apple does not, but on occasion, the Cupertino, Calif.-based company issues what SophosLabs in a Naked Security bulletin calls “Update Surprisedays.”

Wednesday was one of those days with Apple unleashing seven updates designed to plug holes and boost security in iOS 8 and OS 10.9.5 (Maverick), as well as Apple TV7, OS X Server 3.2.1, OS X Server 2.2.3, Apple’s development environment Xcode and Safari 6.2 and 7.1.

The company fixed more than 40 separate vulnerabilities, “covered by 55 CVEs,” 10 of which “could allow remote code execution, including three inside the kernel,” the blog said, noting a “laundry list of holes fixed,” such as lock screen bugs, incorrectly implemented address book encryption, deprecated and insecure Wi-Fi authentication and Safari’s password manager leaking passwords. Saying the iOS updates added more features than security patches, the Sophos blog noted that the updates contained enough significant security fixes to make updating worthwhile for Apple users.

Of note, one of the patches made good on Apple’s promises to “stop its iDevices giving you away automatically to any Wi-Fi access point you walked past,” the Sophos blog said. The devices transmit their Media Access Code addresses in every packet sent over Wi-Fi, which, although it doesn’t identify the user, can tell a marketer “that the same person who just bought cotton trousers in menswear is not browsing near the organic yogurt section in the food department,” the blog said.

Read the Full Article: Source – SC Magazine
http://www.scmagazine.com/apple-issues-seven-updates-fixes-more-than-40-vulnerabilities-in-ios-8-os-1095/article/372680/

source not found