Motivos porqué actualizar a macOS High Sierra 10.13.1 o 10.13.2 urgentemente

milon

Applesan@
Motivos porqué actualizar a macOS High Sierra 10.13.1 o 10.13.2 urgentemente

Si tienes macOS High sierra, mejor actualiza cuanto antes a 10.13.1 o 10.13.2, mira la relación de fallos de seguridad que tiene. macOS ha superado con creces a Windows Vista, nunca en la historia reciente un sistema operativo ha estado tan mal desarrollado.


802.1X
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An attacker may be able to exploit weaknesses in TLS 1.0
Description: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.


apache
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Multiple issues in Apache
Description: Multiple issues were addressed by updating to version 2.4.27.


APFS
Available for: macOS High Sierra 10.13
Impact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data
Description: An issue existed in the handling of DMA. This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation.


APFS
Available for: macOS High Sierra 10.13
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.


AppleScript
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution
Description: A validation issue was addressed with improved input sanitization.


ATS
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: A memory corruption issue was addressed with improved input validation.


Audio
Available for: macOS Sierra 10.12.6
Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution
Description: A memory consumption issue was addressed through improved memory handling.


CFString
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.


CoreText
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory consumption issue was addressed through improved memory handling.


curl
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Uploading using TFTP to a maliciously crafted URL with libcurl may disclose application memory
Description: An out-of-bounds read was addressed with improved bounds checking.


curl
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted URL with libcurl may cause unexpected application termination or read process memory
Description: An out-of-bounds read was addressed with improved bounds checking.


Dictionary Widget
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Searching pasted text in the Dictionary widget may lead to compromise of user information
Description: A validation issue existed which allowed local file access. This was addressed with input sanitization.


file
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version 5.31.


Fonts
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Rendering untrusted text may lead to spoofing
Description: An inconsistent user interface issue was addressed with improved state management.


fsck_msdos
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.


HFS
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.


Heimdal
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An attacker in a privileged network position may be able to impersonate a service
Description: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation.


HelpViewer
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: A quarantined HTML file may execute arbitrary JavaScript cross-origin
Description: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file.


ImageIO
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.


ImageIO
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management.


Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: A local user may be able to leak sensitive user information
Description: A permissions issue existed in kernel packet counters. This issue was addressed through improved permission validation.


Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.


Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.


Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.


Kernel
Available for: macOS Sierra 10.12.6
Impact: Processing a malformed mach binary may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved validation.
CVE-2017-13834: Maxime Villard (m00nbsd)
Kernel
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.


libarchive
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
Description: A buffer overflow issue was addressed through improved memory handling.


libarchive
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation.


libarchive
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.


Open Scripting Architecture
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.


PCRE
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version 8.40.


Postfix
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Multiple issues in Postfix
Description: Multiple issues were addressed by updating to version 3.2.2.


Quick Look
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.


Quick Look
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution
Description: A memory consumption issue was addressed through improved memory handling.


QuickTime
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.


Remote Management
Available for: macOS Sierra 10.12.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.


Sandbox
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.


StreamingZip
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: A malicious zip file may be able modify restricted areas of the file system
Description: A path handling issue was addressed with improved validation.
CVE-2017-13804: qwertyoruiopz at KJC Research Intl. S.R.L.
tcpdump
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6
Impact: Multiple issues in tcpdump
Description: Multiple issues were addressed by updating to version 4.9.2.




Wi-Fi
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
 
Arriba