Apple on Thursday issued Security Updates for OS X El Capitan and Yosemite. The releases patch multiple vulnerabilities that allow an application to disclose kernel memory, and executive arbitrary code with kennel privileges.
If this sounds familiar, it’s because these are the same exploits patched in the latest iOS 9.3.5 update. Apple again credits Citizen Lab and Lookout research firms with the find, and recommends that all users install the updates.
Here are your full release notes:
Kernel
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input sanitization.
CVE-2016-4655: Citizen Lab and Lookout
Kernel
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4656: Citizen Lab and Lookout
For those that missed it, last week it was exposed that notorious digital arms dealer NSO Group has been selling software built using these exploits. The program can read texts and emails, track location, and record sounds and passwords.
Today’s Security Updates can be installed via the Updates tab in the Mac App Store.