Yesterday, Apple released the security update 2016-001 10.11.6 for OS X El Capitan and Security Update 2016-005 10.11.5 for OS X Yosemite. Users of OS X 10.9 Mavericks have a specific update for Safari that addresses this issue. Security updates are recommended for all Mac users and are intended to protect the equipment from potential safety hazards or related damage.
Mac users who have the update notification activated in the notification center were shown this security patch, an option that I recommend.
In this case the vulnerability is known as "Pegasus". The vulnerability took advantage of WebKit to install a number of malware. A few days ago an update for IOS was released in relation to this same problem, specifically solved in version 9.3.5.
The malicious application allows external control of our device by an external attacker without the user noticing or having knowledge of it, even impersonating third-party applications such as Gmail, Facebook, Skype, among others. Just by clicking on a link, we could start controlling our Mac externally, a serious security problem that Apple has not taken long to solve.
Apple reported the problem with the following message:
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS
Description: A memory WAS Corruption issue addressed through Improved memory handling.
Kernel
CVE-2016-4656: Citizen Lab and Lookout
Needless to say, this flaw shouldn't be taken lightly and all OS X users should update immediately.
If you did not know the update, it is advisable to have your equipment protected. You can go to the App Store where you will find the corresponding update in the updates section. After checking for updates, a message like this will appear:
Thanks to this, the Apple software is considered one of the safest in the world.