milon
Applesan@
Reasons to update to macOS High Sierra 10.13.1 or 10.13.2 urgently
If you have macOS High Sierra, you had better update to 10.13.1 or 10.13.2 as soon as possible; look at the list of security flaws it has. macOS has far surpassed Windows Vista; never in recent history has an operating system been so badly developed.
802.1X
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An attacker may be able to exploit weaknesses in TLS 1.0
Description: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.
apache
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Multiple issues in Apache
Description: Multiple issues were addressed by updating to version 2.4.27.
APFS
Available for: macOS High Sierra 10.13
Impact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data
Description: An issue existed in the handling of DMA. This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation.
APFS
Available for: macOS High Sierra 10.13
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
AppleScript
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution
Description: A validation issue was addressed with improved input sanitization.
ATS
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: A memory corruption issue was addressed with improved input validation.
Audio
Available for: macOS Sierra 10.12.6
Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution
Description: A memory consumption issue was addressed through improved memory handling.
CFString
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CoreText
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory consumption issue was addressed through improved memory handling.
curl
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Uploading using TFTP to a maliciously crafted URL with libcurl may disclose application memory
Description: An out-of-bounds read was addressed with improved bounds checking.
curl
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted URL with libcurl may cause unexpected application termination or read process memory
Description: An out-of-bounds read was addressed with improved bounds checking.
Dictionary Widget
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Searching pasted text in the Dictionary widget may lead to compromise of user information
Description: A validation issue existed which allowed local file access. This was addressed with input sanitization.
file
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version 5.31.
Fonts
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Rendering untrusted text may lead to spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
fsck_msdos
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
HFS
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
Heimdal
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An attacker in a privileged network position may be able to impersonate a service
Description: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation.
HelpViewer
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: A quarantined HTML file may execute arbitrary JavaScript cross-origin
Description: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file.
ImageIO
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
ImageIO
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management.
Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: A local user may be able to leak sensitive user information
Description: A permissions issue existed in kernel packet counters. This issue was addressed through improved permission validation.
Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.
Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
Kernel
Available for: macOS Sierra 10.12.6
Impact: Processing a malformed mach binary may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved validation.
CVE-2017-13834: Maxime Villard (m00nbsd)
Kernel
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
libarchive
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
Description: A buffer overflow issue was addressed through improved memory handling.
libarchive
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation.
libarchive
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
Open Scripting Architecture
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
PCRE
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version 8.40.
Postfix
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Multiple issues in Postfix
Description: Multiple issues were addressed by updating to version 3.2.2.
Quick Look
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
Quick Look
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution
Description: A memory consumption issue was addressed through improved memory handling.
QuickTime
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
Remote Management
Available for: macOS Sierra 10.12.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
Sandbox
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
StreamingZip
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: A malicious zip file may be able to modify restricted areas of the file system
Description: A path handling issue was addressed with improved validation.
CVE-2017-13804: qwertyoruiopz at KJC Research Intl. S.R.L.
tcpdump
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6
Impact: Multiple issues in tcpdump
Description: Multiple issues were addressed by updating to version 4.9.2.
Wi-Fi
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.