Apple issues urgent security update for OS X Yosemite, OS X El Capitan and Safari

Apple issues urgent security update for OS X Yosemite, OS X El Capitan and Safari

On Thursday, an urgent security update was issued by Apple for OS X 10.10 ‘Yosemite,’ OS X 10.11 ‘El Capitan’ and Safari, to fix a vulnerability which can potentially give cybercriminals the ability to gain control of a target device with a single click.

The security vulnerability addressed by Apple in the two OS X versions and the safari web browser essentially underscores an assault package – called ‘Pegasus’ – which leverages three zero-day vulnerabilities that have the potential to jailbreak a device remotely, and load a suite of monitoring software onto a targeted device.

One of the main tools in the ‘Pegasus’ assault process is an exploit that makes use of a memory corruption fault in Safari WebKit, which enables cybercriminals to deliver the malware payload when a link leading to a malicious webpage is clicked on by the victim.

The installation of ‘Pegasus’ prompts the assault package to exploit kernel flaws for upgrading privileges, as well as giving cybercriminals the capability to intercept text messages, filch emails, gain access to contacts, and grab information from several third-party apps like Gmail, Facebook, WhatsApp, Skype, and WeChat, among others.

Apple discovered the vulnerability in its iOS mobile operating system last week, and patched it in its iOS 9.3.5 update. However, after discovering that the vulnerability affects OS X Yosemite and El Capitan and Safari as well, the company has now rolled out a combined security update for the two OS X versions, along with a standalone fix for the Safari web browser.