Apple Patches Series of Vulnerabilities

Tuesday, September 26, 2017 @ 04:09 PM gHale


Apple issued patches as part of the macOS High Sierra 10.13 platform upgrade.

Apple addressed over 40 security holes affecting OS X Lion 10.8 and later.


Components suffering from vulnerabilities include Application Firewall, AppSandbox, Captive Network Assistant, CoreAudio, Directory Utility, file, IOFireWireFamily, Kernel, libc, libexpat, Mail, ntp, Screen Lock, Security, SQLite, and zlib.

With 10 vulnerabilities addressed in it, ntp was the most affected component, followed by file, with 6 security flaws, and SQLite with 5 vulnerabilities.

These issues were addressed by updating to ntp version 4.2.8p10, file version 5.30, and SQLite version 3.19.3, according to the report. Apple also addressed 4 bugs in zlib by updating it to version 1.2.11.

A vulnerability in AppSandbox could result in an application causing denial of service, while a problem in CFNetwork Proxies could allow an attacker in a privileged network position to cause a denial of service. A problem with Captive Network Assistant could result in a local user unknowingly sending a password unencrypted over the network.

A CoreAudio bug allowed an application to read restricted memory, while an issue in Directory Utility could allow a local attacker to determine the Apple ID of the owner of the computer. IOFireWireFamily bugs could allow attackers to execute arbitrary code, or applications to read restricted memory.

Other vulnerabilities could allow an attacker to impersonate a service or cause denial of service, an application to execute arbitrary code with kernel privileges, or the sender of an email to determine the IP address of the recipient. A bug in Security could result in a revoked certificate being trusted.

As always, Apple said it does not disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.


