Palo Alto Networks Researchers Uncover Critical Apple Product Vulnerabilities


Category: Threat Prevention, Unit 42

Tags: , , , , ,

This post is also available in: 日本語 (Japanese)

Palo Alto Networks researchers were recently credited with discovery of two new Apple product vulnerabilities.

Researchers Tongbo Luo and Bo Qu discovered a webkit vulnerability (CVE-2016-1855) affecting Safari in OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.10.5.

Tongbo and Bo also identified an OpenGL vulnerability (CVE-2016-1847) affecting Apple TV (fourth generation and later), iPhone 4S (and later versions), iPod Touch (fifth generation and later), and iPad 2 (and later versions).

Apple addressed both findings in a recent security update. Palo Alto Networks has also released IPS signatures covering these vulnerabilities (for current customers, available in content release 585).

Palo Alto Networks is a regular contributor to vulnerability research in the Microsoft, Apple, Android and other ecosystems. By proactively identifying these vulnerabiliites, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users and compromise enterprise, government and service provider networks.