Vulnerabilities Patched in Sierra

Thursday, December 15, 2016 @ 05:12 PM gHale

Apple released macOS Sierra 10.12.2, which patches 72 vulnerabilities.

This latest version addresses flaws related to components such as Apache, Audio, Bluetooth, the kernel, IOKit, IOSurface, IOAcceleratorFamily, IOHIDFamily, Disk Images, graphics components, media services, security, and third-party libraries, according to an Apple security advisory.

RELATED STORIES
Mac App Keeps Recording
Attackers Leverage iOS WebView
Apple Plugs Xcode Holes
Apple Patches Vulnerabilities

The updated macOS Sierra 10.12.2 also addresses the cURL vulnerabilities discovered during a Mozilla Secure Open Source (SOS) program audit.

If left unpatched the issues could end up leveraged to cause an application to enter a denial-of-service (DoS) condition, execute arbitrary code (including with elevated privileges), obtain sensitive information, escalate privileges, leak memory data, and overwrite existing files. RC4 and 3DES have been removed as default ciphers to prevent attackers from exploiting their weaknesses.

This is the second security update released by Apple for macOS Sierra since its launch in September. The first update fixed 16 vulnerabilities.

Apple also released updates for iCloud for Windows, iTunes for Windows and the Safari web browser. Safari 10.0.2 resolves two dozen vulnerabilities, a large majority of which affect the WebKit engine. The same WebKit flaws have also been fixed in the Windows versions of iCloud and iTunes.



Leave a Reply

You must be logged in to post a comment.