Following yesterday's set of updates for its mobile devices, Apple has released an extensive set of patches for its Mac software, including a new version of macOS Sierra:
A new version of PHP addresses seven vulnerabilities that could cause an unexpected application termination or arbitrary code execution.
Similarly, a new version of curl addresses 16 vulnerabilities that could allow n attacker in a privileged network position to access sensitive user information.
AppleGraphicsPowerManagement addresses an opening for a system denial of service.
A permissions issue in Assets has been addressed.
The Audio framework has been prevent certain kinds of malicious audio files triggering arbitrary code execution.
Updates to the Bluetooth software address multiple issues that could be exploited to execute arbitrary code or cause a denial of service condition.
Sundry changes block avenues that previously allowed certain types of maliciously crafted font files, .gcx files, .mp4 files, disk image files and unspecified types of web content to execute arbitrary code or crash applications.
An avenue allowing maliciously crafted mp4 files to execute arbitrary code has been blocked.
Changes to the kernel and multiple I/O related functions target various flaws that could allow an attacker to determine kernel memory layout, read kernel memory, leak memory, cause crashes, gain root privileges, or execute arbitrary code.
Multiple fixes to the Security framework address include the removal of 3DES as a default cipher, improved handling of OCSP responder URLs, ind improved handling of certificates.
An improvement to the way libarchive handles symlinks removes an opportunity for an attacker to overwrite existing files.
Various other routines have been improved to avoid system denials of service, unexpected application termination, arbitrary code execution and privilege escalation.
The are corresponding updates for Yosemite (Security Update 2016-007 10.10.5) and El Capitan (Security Update 2016-003 10.11.6).
In related news, Apple also released Safari 10.0.2 for Yosemite, El Capitan and Sierra, and iTunes 12.5.4, both of which include multiple security fixes for issues that in some cases could allow arbitrary code execution. The Transporter component of iTunes Producer has been updated to prevent disclosure of user information.
All are available via the normal software update process.
Two dozen WebKit vulnerabilities are also addressed by iCloud for Windows 6.1.