Apple updates OS X, Safari after spyware exploit found

Days after Apple updated iOS 9.3.5 for security vulnerabilities circulating the Middle East, Mac users are greeted with the same fixes.
Written by Jake Smith, Contributor
Matt Elliott/CNET

Apple released an update for OS X Yosemite and El Capitan on Thursday to patch a security flaw similar to what was found, and patched, on iOS 9.3.5 earlier in the week.

The three vulnerabilities, found on iOS 9.3.5 by security firm Lookout, allowed access to a device's location, read contacts, texts, calls, and emails, as well as being able to turn on the device's microphone.

In a security update to OS X users, Apple said the vulnerability could allow an application to execute arbitrary code with kernel privileges.

Apple also released an update to Safari 9 to patch vulnerabilities. A memory corruption flaw in WebKit is believed to have given attackers access. Two other kernel vulnerabilities would let an attacker jailbreak the device, and then the attacker can silently install malware to carry out surveillance.

Last month, Citizen Lab wrote in a blog post that it had uncovered an operation by the security services of the United Arab Emirates to try to get into the iPhone of a renowned human rights defender, Ahmed Mansoor, and turn it into a "sophisticated bugging device".

It took Apple 10 days to update iOS after being notified by Citizen Lab and Lookout. Apple is now rolling out the Mac and Safari updates, now available on the Mac App Store, six days after iOS' fixes.

Editorial standards