Security updates are closing drive-by download holes to OS X and iOS
If you are like most, you probably wait for the first update to an update before you even bother to install it. Now, if you are an OS X or an iOS user, you may want to rethink this lackadaisical approach to updating…
This is because Apple recently published a burst of Security Advisories announcing the following security-oriented updates:
- watchOS 2.0.1
- OS X El Capitan 10.11.1
- iOS 9.1
- OS X Server 5.0.15
Not to worry iTunes and Safari users, you’ll be seeing updates too. As well as updates to the program preferred Xcode. Although iTunes will go to 12.3.1, this only applies to Windows. On a Mac, Safari will go to 9.0.1, and Xcode will become. All of these fixes can are available via the APP store.
Pre-Capitan versions of OS X will get their security fix from 2015-007 and Mac EFI Security Update 2015-002. It may be a smart option for users to get the OS X El Capitan point release as a disk image. It can prove to be quite helpful if you should ever need to reinstall the base operating system. As well as provide people, who have multiple Macs, who do not wish to deal with the hassle of having to use the App Store to grab the updates for all of them individually.
Will You Have Enough Bandwidth?
One of the first questions that come to mind in regards to updates is; how much bandwidth is this going to cost me? Luckily, it should not break your bandwidth bank:
- iOS 9.1 – approximately 0.3GB
- OS X – approximately 1.1GB
Although Xcode 7.1 is a point release, it is an “all-over-again” download, and will need just a smidge over 2GB.
Drive-by Installs or Downloads
Apple has a solid reputation for pushing out fixes fast; this latest update is by no means an exception. El Capitan, for example, came out just over a month after iOS hit the airwaves. Apple (unlike it most of its loyal users) acknowledges that not all malware attacks to Mac come with a warning. RCE attacks caused by booby-trapped content can simply look at the file, or open a file that contains embedded data such as an image or a font. Unfortunately, this is often just enough to give control to criminals. Referred to as a drive-by install or drive-by download, you may think that your site visit is risk-free, however, a simple visit is all these criminals need to gain a damaging amount of power.