OS X El Capitan Update Patches Zero-Day Vulnerabilities
Apple has today followed up its iOS security update with a software update for both OS X El Capitan and OS X Yosemite. Security Update 2016-001 (El Capitan) and Security update 2015-005 (Yosemite) also bring security fixes to Safari.
As detailed on Apple’s dedicated support site, the update patches the zero-day security flaws Lookout discovered earlier in August. You may recall the buzz around it, as it was the most sophisticated attack the security firm has ever seen, and they called it the “Pegasus” spyware.
Lookout’s analysis first discovered the zero-day exploit in iOS devices, but apparently the same flaws were present in Apple’s desktop operating system. Lookout first determined that Pegasus exploits three zero-day vulnerabilities (or Trident) in iOS, but apparently they didn’t check OS X. In the document detailing the security update released today, Apple points to the same CVEs (or common vulnerabilities and exposures) Lookout and Citizen Lab have identified in iOS.
The update is available from the Mac App Store and is highly recommended to all Yosemite and El Capitan users.