OS X users need to fire up the App Store immediately, to download a new security patch released yesterday (Sept. 1) that protects the same zero-day exploits that Apple fixed on its iOS platform last week. As we explained previously, these updates protect users against super-powerful spear phishing attacks that hand over complete access to a device.
Security Update 2016-001 10.11.6 protects users against a "cyber war" tool dubbed Trident which was discovered after an attempt to hijack a phone belonging to Ahmed Mansoor, a human rights advocate based in the United Arab Emirates (UAE). On August 10 and 11, Mansoor's iPhone received SMS messages promising "new secrets" about tortured detainees in UAE jails. Mansoor didn't click on these links, as he had already been the victim of government-sponsored hacks.
MORE: Best Apple Laptops
Instead, Mansoor forwarded those messages along to researchers at the Toronto-based Citizen Lab, an interdisciplinary laboratory based out of the Munk School of Global Affairs, which identified the links as a part of an exploit chain it calls Trident.
On August 25, Citizen Lab and San Francisco-based Android antivirus firm Lookout published reports on the Mansoor hack, while Apple, in conjunction with those reports, released iOS 9.3.5 to fix the vulnerability that allows the attack.
Why it took an extra 8 days for Apple to release the patch for OS X is unknown, but as the saying goes, "better late than never." The patches were needed on the OS X platform because iOS uses the same Safari browser codebase as iOS. Security Update 2016-001 10.11.6 includes an update to Safari, which brings it up to version 9.1.3.
Here's how to update your Mac to protect it against Trident attacks:
1. Click the Apple in the top right corner.
2. Select App Store.
3. Click Updates.
4. Click Update next to Security Update 2016-001 10.11.6 and follow the subsequent instructions. Your system will restart to complete the installation.
5. To check that the update has been applied, open Safari and click Safari in the Menu bar.
6. Select About Safari.
Your system is patched and ready if the version number reads 9.1.3. Contact Apple if it does not.