X
Tech

Apple's OS X 10.11.5 El Capitan update: No new features - but 67 security bug fixes

Apple's fifth update to OS X 10.11.5 El Capitan is probably the last feature update for its newest desktop operating system before 10.12.
Written by Liam Tung, Contributing Writer
applemacs770x541.jpg

Some of the security flaws addressed by the update to OS X 10.11.5 could allow remote attackers to gain arbitrary code execution.

Image: Apple

Apple has rolled out the fifth update to OS X El Capitan, as well as updates for Safari and iTunes.

Feature-wise, OS X 10.11.5 isn't a major update but it does include several bug fixes relevant to Macs used in an enterprise environment and fixes for 67 security flaws, some of which could allow remote attackers to gain arbitrary code execution.

However, this update is notable as probably being the last feature update for its newest desktop operating system before 10.12's expected release around the summer.

The security component of the update is available for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later.

Some of the nastier bugs addressed in the update include one affecting OpenGL, where "processing maliciously-crafted web content may lead to arbitrary code execution". Two other bugs with a similar impact could also be remotely exploited.

Similarly, a memory corruption issue in QuickTime could lead to arbitrary code execution after opening a maliciously-crafted file.

Messages got a fix for an issue that could allow a remote attacker to leak sensitive user information.

Also, Captive Network Assistant, the popup that is meant to assist connecting to a wireless network contained a bug that could allow an attacker with a "privileged network position" to execute arbitrary code with user assistance.

Safari 9.1.1, also released on Monday, contains fixes for seven security flaws affecting the browser. It's available for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5.

Most of the bugs affect Safari's WebKit browser engine and may lead to arbitrary code execution by visiting a maliciously-crafted website.

iTunes 12.4 fixes one security issue and introduces a cleaner design, including new navigation buttons and the ability to edit the dropdown menu for different content categories, such as music, TV shows and Movies.

Apple also released security updates for iOS, tvOS, and WatchOS on Monday.

Read more about Apple OS X

Editorial standards