OS X El Capitan 10.11.6 fixes a total of 60 security bugs affecting components such as audio, CFNetwork, CoreGraphics, FaceTime, graphics drivers, ImageIO, the kernel, the login window, OpenSSL, QuickTime, sandbox profiles, and the libxml2 and libxslt libraries.
The CFNetwork vulnerability, tracked as CVE-2016-4645, was reported to Apple by Abhinav Bansal of Zscaler. The security firm published a blog post on Monday to describe the flawthat allows unprivileged applications to access cookies stored in the Safari browser.
“This access could result in a malicious application lifting all the persistent cookies for a given user and accessing sites posing as that user,” Zscaler said. “In the case of email, it could result in a malicious application getting access to all your email. Worse, it could gain access to a site that stores more personal and confidential information about you.”
Original Source: Security Week
View the full story here.