Security Market Segment LS
Wednesday, 14 December 2016 16:01

macOS 10.12.2 lands with a shipload of security fixes

By

In terms of its security content, maOS Sierra 10.12.2 is a monster. And there are more fixes for associated software.

Following yesterday's set of updates for its mobile devices, Apple has released an extensive set of patches for its Mac software, including a new version of macOS Sierra:

A new version of PHP addresses seven vulnerabilities that could cause an unexpected application termination or arbitrary code execution.

Similarly, a new version of curl addresses 16 vulnerabilities that could allow n attacker in a privileged network position to access sensitive user information.

Other open source components updated to deliver security fixes include LibreSSL, OpenLDAP, OpenPAM and OpenSSL.

AppleGraphicsPowerManagement addresses an opening for a system denial of service.

A permissions issue in Assets has been addressed.

The Audio framework has been prevent certain kinds of malicious audio files triggering arbitrary code execution.

Updates to the Bluetooth software address multiple issues that could be exploited to execute arbitrary code or cause a denial of service condition.

Sundry changes block avenues that previously allowed certain types of maliciously crafted font files, .gcx files, .mp4 files, disk image files and unspecified types of web content to execute arbitrary code or crash applications.

An avenue allowing maliciously crafted mp4 files to execute arbitrary code has been blocked.

Changes to the kernel and multiple I/O related functions target various flaws that could allow an attacker to determine kernel memory layout, read kernel memory, leak memory, cause crashes, gain root privileges, or execute arbitrary code.

Multiple fixes to the Security framework address include the removal of 3DES as a default cipher, improved handling of OCSP responder URLs, ind improved handling of certificates.

An improvement to the way libarchive handles symlinks removes an opportunity for an attacker to overwrite existing files.

Various other routines have been improved to avoid system denials of service, unexpected application termination, arbitrary code execution and privilege escalation.

The are corresponding updates for Yosemite (Security Update 2016-007 10.10.5) and El Capitan (Security Update 2016-003 10.11.6).

In related news, Apple also released Safari 10.0.2 for Yosemite, El Capitan and Sierra, and iTunes 12.5.4, both of which include multiple security fixes for issues that in some cases could allow arbitrary code execution. The Transporter component of iTunes Producer has been updated to prevent disclosure of user information.

All are available via the normal software update process.

Two dozen WebKit vulnerabilities are also addressed by iCloud for Windows 6.1.

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

MITIGATE FRAUD WITH HYLAND’S DIGITAL CREDENTIALING SOLUTION

Some of the most important records are paper-based documents that are slow to issue, easy to fake and expensive to verify.

Digital licenses and certificates, identity documents and private citizen immunity passports can help you deliver security and mobility for citizens’ information.

Join our webinar: Thursday 4th June 12 midday East Australian time

JOIN WEBINAR!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

VENDOR NEWS & WEBINARS

REVIEWS

Recent Comments