
Along with the macOS 10.12.5 Sierra update that Apple published yesterday, the Cupertino company released two additional security updates, one for El Capitan and one for Yosemite.

This update, with which Apple usually closes the development cycle of its current operating system, is always designed to fix bugs and resolve security problems, and this time the list is quite long: as many as 30 security problems have been patched.

From this point on, barring the very unlikely event that Apple ships an update such as macOS 10.12.5.1 Sierra or similar, future updates for macOS Sierra will be released specifically to fix security problems.

The security holes that have been closed are:

macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite

Released May 15, 2017

802.1X

Available for: macOS Sierra 10.12.4

Impact: A malicious network with 802.1X authentication may be able to capture user network credentials

Description: A certificate validation issue existed in EAP-TLS when a certificate changed. This issue was addressed through improved certificate validation.

CVE-2017-6988: Tim Cappalli of Aruba, a Hewlett Packard Enterprise company

Accessibility Framework

Available for: macOS Sierra 10.12.4

Impact: An application may be able to gain system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-6978: Ian Beer of Google Project Zero

CoreAnimation

Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5

Impact: Processing maliciously crafted data may lead to arbitrary code execution

Description: A memory consumption issue was addressed through improved memory handling.

CVE-2017-2527: Ian Beer of Google Project Zero

CoreAudio

Available for: macOS Sierra 10.12.4

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team

DiskArbitration

Available for: macOS Sierra 10.12.4 and OS X El Capitan v10.11.6

Impact: An application may be able to gain system privileges

Description: A race condition was addressed with additional filesystem restrictions.

CVE-2017-2533: Samuel Groß and Niklas Baumstark working with Trend Micro’s Zero Day Initiative

HFS

Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2017-6990: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro’s Zero Day Initiative

iBooks

Available for: macOS Sierra 10.12.4

Impact: A maliciously crafted book may open arbitrary websites without user permission

Description: A URL handling issue was addressed through improved state management.

CVE-2017-2497: Jun Kokatsu (@shhnjk)

iBooks

Available for: macOS Sierra 10.12.4

Impact: An application may be able to execute arbitrary code with root privileges

Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.

CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)

iBooks

Available for: macOS Sierra 10.12.4

Impact: An application may be able to escape its sandbox

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-6986: evi1m0 of YSRC (sec.ly.com) & Heige (SuperHei) of Knownsec 404 Security Team

Intel Graphics Driver

Available for: macOS Sierra 10.12.4

Impact: An application may be able to gain kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2503: sss and Axis of 360Nirvan team

IOGraphics

Available for: macOS Sierra 10.12.4

Impact: An application may be able to gain kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2545: 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative

IOSurface

Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5

Impact: An application may be able to gain kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-6979: Adam Donenfeld of Zimperium zLabs

Kernel

Available for: macOS Sierra 10.12.4

Impact: An application may be able to gain kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2494: Jann Horn of Google Project Zero

Kernel

Available for: macOS Sierra 10.12.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed through improved locking.

CVE-2017-2501: Ian Beer of Google Project Zero

Kernel

Available for: macOS Sierra 10.12.4

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2017-2507: Ian Beer of Google Project Zero

CVE-2017-2509: Jann Horn of Google Project Zero

CVE-2017-6987: Patrick Wardle of Synack

Kernel

Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2017-2516: Jann Horn of Google Project Zero

Kernel

Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5

Impact: An application may be able to gain kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2546: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro’s Zero Day Initiative

Multi-Touch

Available for: macOS Sierra 10.12.4

Impact: An application may be able to gain kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2542: 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative

CVE-2017-2543: 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative

NVIDIA Graphics Drivers

Available for: macOS Sierra 10.12.4

Impact: An application may be able to gain kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-6985: Axis and sss of Nirvan Team of Qihoo 360 and Simon Huang (@HuangShaomang) of IceSword Lab of Qihoo 360

Sandbox

Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5

Impact: An application may be able to escape its sandbox

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2512: Federico Bento of Faculty of Sciences, University of Porto

Security

Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5

Impact: An application may be able to escape its sandbox

Description: A resource exhaustion issue was addressed through improved input validation.

CVE-2017-2535: Samuel Groß and Niklas Baumstark working with Trend Micro’s Zero Day Initiative

Speech Framework

Available for: macOS Sierra 10.12.4

Impact: An application may be able to escape its sandbox

Description: An access issue was addressed through additional sandbox restrictions.

CVE-2017-2534: Samuel Groß and Niklas Baumstark working with Trend Micro’s Zero Day Initiative

Speech Framework

Available for: macOS Sierra 10.12.4

Impact: An application may be able to escape its sandbox

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-6977: Samuel Groß and Niklas Baumstark working with Trend Micro’s Zero Day Initiative

SQLite

Available for: macOS Sierra 10.12.4

Impact: A maliciously crafted SQL query may lead to arbitrary code execution

Description: A use after free issue was addressed through improved memory management.

CVE-2017-2513: found by OSS-Fuzz

SQLite

Available for: macOS Sierra 10.12.4

Impact: A maliciously crafted SQL query may lead to arbitrary code execution

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2017-2518: found by OSS-Fuzz

CVE-2017-2520: found by OSS-Fuzz

SQLite

Available for: macOS Sierra 10.12.4

Impact: A maliciously crafted SQL query may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2519: found by OSS-Fuzz

SQLite

Available for: macOS Sierra 10.12.4

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro’s Zero Day Initiative

CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro’s Zero Day Initiative

TextInput

Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5

Impact: Parsing maliciously crafted data may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2524: Ian Beer of Google Project Zero

WindowServer

Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5

Impact: An application may be able to gain system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2537: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro’s Zero Day Initiative

CVE-2017-2541: Richard Zhu (fluorescence) working with Trend Micro’s Zero Day Initiative

CVE-2017-2548: Team Sniper (Keen Lab and PC Mgr) working with Trend Micro’s Zero Day Initiative

WindowServer

Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2017-2540: Richard Zhu (fluorescence) working with Trend Micro’s Zero Day Initiative
