Apple releases security updates for OS X El Capitan, Yosemite and Safari to patch major vulnerabilities
The vulnerabilities were reported by Citizen Lab and Lookout.
Apple is rolling out new updates for OS X Yosemite and El Capitan with versions 10.10.5 and 10.11.6 respectively. An update bearing version number 9.3.1 is also available for the Safari browser.
This is not a routine release of fixes and regular maintenance updates. Instead, it is quite an important rollout, as it patches three major security flaws, which were discovered by Israel-based NSO Group. Software created by the group was able to read text messages and emails, and track calls and contacts. It could even record sounds, collect passwords and trace the location of iPhone users.
The security patches were first released for iPhone and iPad users through the iOS 9.3.5 software update, after Apple received a tip from two researchers, Bill Marczak and John Scott Railton at Citizen Lab at the University of Toronto's Munk School of Global Affairs, and the San Francisco-based mobile security company Lookout.
According to Apple's "Security Update 2016-001 El Capitan and Security Update 2016-005 Yosemite", the vulnerabilities on Yosemite and El Capitan could have allowed hackers to disclose kernel memory as well as execute malicious software with kernel privileges through an application.
As with iOS 9.3.5, Apple has credited Citizen Lab and Lookout for reporting the Mac OS X vulnerabilities. Citizen Lab and Lookout claim the spyware was based on three previous iOS vulnerabilities called zero days. The security content for the OS X and Safari updates is listed below.
Kernel
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input sanitization.
CVE-2016-4655: Citizen Lab and Lookout
Kernel
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4656: Citizen Lab and Lookout
Safari 9.1.3
WebKit
Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4657: Citizen Lab and Lookout
How to get the update
To get OS X Yosemite v10.10.5 or El Capitan v10.11.6, launch the App Store application on your Mac, then click Updates in the toolbar. When the updates become available, click the Updates button to go ahead with the download and installation. Alternatively, if you don't have the App Store on your Mac, you can get the updates by choosing Software Update from the Apple menu.