Apple kills 3 zero-day vulnerabilities with emergency Mac update

“Apple yesterday issued an emergency security update for the Mac, patching the same trio of vulnerabilities the company fixed last week on the iPhone,” Gregg Keizer reports for Computerworld. “According to one of the groups that first revealed the flaws, the vulnerabilities could have been ‘weaponized’ for use against OS X, the Mac’s operating system.”

“The out-of-band update was aimed at OS X El Capitan (aka 10.11) and Yosemite (10.10), the 2015 and 2014 editions, respectively,” Keizer reports. “According to reports from researchers at mobile security vendor Lookout and the Citizen Lab at the University of Toronto, the trio of bugs were used to spy on an activist in the United Arab Emirates by turning his iPhone into a surveillance tool.”

Keizer reports, “Prior to the disclosure last week, the vulnerabilities, pegged as ‘Trident’ by Citizen Labs, were ‘zero-days,’ or unknown to Apple, and so extremely valuable on the black market.”

Read more in the full article here.

MacDailyNews Take: Today, the Apple ecosystem is even safer! If you haven’t updated your Mac with Security Update 2016-001 El Capitan or Security Update 2016-005 Yosemite, do so ASAP.

iPhone users should update to iOS 9.3.5 immediately – August 26, 2016
Apple boosts iPhone security after Mideast spyware discovery; releases iOS 9.3.5 – August 25, 2016


  1. Unfortunately – where there was three, there are more. Since they are so valuable and used by nation states, the fact they have been revealed, means they lost value and there’s something new under the hood to play with.

    That’s what sucks about modern tech. It’s a weaved net of code with a lot of holes.

          1. You are basically saying I am being overly paranoid. I am not talking about magic, mind reading or 5km meteors. I am simply pointing out the obvious.

            Using a digital device to host your PI risking a privacy leak, is about the same as driving a car along a coastal highway risking bodily harm. The thing is we trust our PI to the cloud, which similar to parachuting out of a plane on a regular basis.

            As our society matures we are taking greater risks, risks we no little about. Yet we are, as a whole, living longer and healthier because of those risks – at least in the short term. Go figure.

      1. That simply means it’s a core kernel level issue. Especially over most of our heads on a technical level.

        Things won’t get better until we get computer AI to write code for us and at the same time perform predictive modeling to look for vulnerabilities and patch at point of compile. Or our next operating system won’t be compiled as it’s written in binary from the start. No more buffer overruns.

        1. If AI is ever able to write code, which is doubtful, it is likely to be full of more holes than human written code. AI, if it ever arrives, will have the same muddy thinking humans do, only more so. Try getting a definitive answer from Siri to a complex question.

    1. Because we live in a happy delusional bubble, we tend not to realize that iOS and OSX have TONS of exploits. In fact, in 2015, macOS and iOS had the most exploits discovered, next to FLASH.

      If you keep track of exploits it can be rather disheartening.

      1. Vulnerabilities yes, exploitable vulnerabilities, NO! Nowhere near “TONS of exploits” as you claim. I other words you lie by distorting “vulnerabilities” and claiming they were actual “exploited,” when they were not. There is a huge difference.

        A vulnerability that is reported but not exploited before it was patched, and no exploit for it is ever developed to use that vulnerability is of no danger to anyone. A vulnerability is merely a potential for an exploit. It does NOT mean it was or even CAN be exploited, just that there is a possibility that it could be exploited if certain conditions are met. Sometimes those conditions cannot even BE met for other reason unrelated to what was found, but the vulnerability still exists in the software and should be fixed as a matter of course.

  2. I don’t believe until the advent of AI can a system check itself or other coded systems against all possible attacks, which leads us neatly to the path of an impenetrable AI Skynet-esque tech enemy. 😉

    So far no OS written by man has totally passed the security test, nor will it ever using current techniques. Solving this would be a great innovation.

        1. You guys are assuming that the computers can write code that humans can’t hack into.

          What makes you think humans are inferior hackers than computers? Anybody successfully programmed a hacker?

  3. If you’re using the NVIDIA web drivers on 10.11.6, this latest security update will disable them. If you meet these criteria and you have work to do, disconnect from your network (for security) and wait until NVIDIA updates the web drivers.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.