Sophos Cloud Optix
Apple followed up its recent iOS 10.2 update with a related slew of security fixes for macOS, bringing the current laptop and desktop flavour of its operating system up to 10.12.2.
The update includes numerous critical bug fixes for holes in system components from Apache, the web server that’s included on every Macbook, to syslog, a core utility that collects messages, errors and warnings from the rest of the system.
Ironically, the bug in syslog could have allowed intruders to acquire superuser access, which often allows them to mess with the very system logs that might otherwise have provided evidence of their attack.
Apple’s Safari browser also received an update to 10.0.2, fixing several vulnerabilities that could be exploited by booby-trapped web pages to install malware without warning.
Interestingly, Apple accompanied its macOS update notification with a bulletin offering Additional information for [the recent advisory about] iOS 10.2.
We formed the opinion earlier this week that iOS 10.2 was a critical update simply on account of the number of lockscreen bugs that it fixed; it now turns out that many other critical bugs were fixed, too, but not declared in the original iOS 10.2 bulletin.
What to do?
Head to Settings | General | Software Update on your iDevice.
Use Apple | About This Mac | Software Update... on your Mac.