What's new in Apple Security Update (macOS Security Update) 2021-008 Catalina
Jan 27, 2022
- Archive Utility:
- Available for: macOS Catalina
- Impact: A malicious application may bypass Gatekeeper checks
- Description: A logic issue was addressed with improved state management.
- CVE-2021-30950: @gorelics
- Bluetooth:
- Available for: macOS Catalina
- Impact: A malicious application may be able to disclose kernel memory
- Description: A logic issue was addressed with improved validation.
- CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America
- Bluetooth:
- Available for: macOS Catalina
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A logic issue was addressed with improved validation.
- CVE-2021-30935: an anonymous researcher
- ColorSync:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.
- CVE-2021-30942: Mateusz Jurczyk of Google Project Zero
- CoreAudio:
- Available for: macOS Catalina
- Impact: Playing a malicious audio file may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
- CoreAudio:
- Available for: macOS Catalina
- Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information
- Description: A buffer overflow issue was addressed with improved memory handling.
- CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab
- CVE-2021-30961: an anonymous researcher
- CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab
- Crash Reporter:
- Available for: macOS Catalina
- Impact: A local attacker may be able to elevate their privileges
- Description: This issue was addressed with improved checks.
- CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
- Graphics Drivers:
- Available for: macOS Catalina
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: A buffer overflow was addressed with improved bounds checking.
- CVE-2021-30977: Jack Dates of RET2 Systems, Inc.
- Help Viewer:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk
- Description: A path handling issue was addressed with improved validation.
- CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
- ImageIO:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro
- Intel Graphics Driver:
- Available for: macOS Catalina
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A buffer overflow was addressed with improved bounds checking.
- CVE-2021-30981: an anonymous researcher, Liu Long of Ant Security Light-Year Lab
- IOUSBHostFamily:
- Available for: macOS Catalina
- Impact: A remote attacker may be able to cause unexpected application termination or heap corruption
- Description: A race condition was addressed with improved locking.
- CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America
- Kernel:
- Available for: macOS Catalina
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A use after free issue was addressed with improved memory management.
- CVE-2021-30927: Xinru Chi of Pangu Lab
- CVE-2021-30980: Xinru Chi of Pangu Lab
- Kernel:
- Available for: macOS Catalina
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption vulnerability was addressed with improved locking.
- CVE-2021-30937: Sergei Glazunov of Google Project Zero
- Kernel:
- Available for: macOS Catalina
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved state management.
- CVE-2021-30949: Ian Beer of Google Project Zero
- LaunchServices:
- Available for: macOS Catalina
- Impact: A malicious application may bypass Gatekeeper checks
- Description: A logic issue was addressed with improved validation.
- CVE-2021-30990: Ron Masas of BreakPoint.sh
- LaunchServices:
- Available for: macOS Catalina
- Impact: A malicious application may bypass Gatekeeper checks
- Description: A logic issue was addressed with improved state management.
- CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
- Model I/O:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted USD file may disclose memory contents
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab
- Model I/O:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
- Description: A buffer overflow issue was addressed with improved memory handling.
- CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro
- Model I/O:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted USD file may disclose memory contents
- Description: A buffer overflow issue was addressed with improved memory handling.
- CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab
- CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab
- Model I/O:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted file may disclose user information
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security
- Model I/O:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security
- Preferences:
- Available for: macOS Catalina
- Impact: A malicious application may be able to elevate privileges
- Description: A race condition was addressed with improved state handling.
- CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
- Sandbox:
- Available for: macOS Catalina
- Impact: A malicious application may be able to bypass certain Privacy preferences
- Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions.
- CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security
- Script Editor:
- Available for: macOS Catalina
- Impact: A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions
- Description: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary.
- CVE-2021-30975: Ryan Pickren (ryanpickren.com)
- TCC:
- Available for: macOS Catalina
- Impact: A local user may be able to modify protected parts of the file system
- Description: A logic issue was addressed with improved state management.
- CVE-2021-30767: @gorelics
- TCC:
- Available for: macOS Catalina
- Impact: A malicious application may be able to cause a denial of service to Endpoint Security clients
- Description: A logic issue was addressed with improved state management.
- CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security
- Wi-Fi:
- Available for: macOS Catalina
- Impact: A local user may be able to cause unexpected system termination or read kernel memory
- Description: This issue was addressed with improved checks.
- CVE-2021-30938: Xinru Chi of Pangu Lab
New in Apple Security Update (macOS Security Update) 2021-006 Catalina (Oct 25, 2021)
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.
- Description: A type confusion issue was addressed with improved state handling.
- CVE-2021-30869: Erye Hernandez of Google Threat Analysis Group, Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero
New in Apple Security Update (macOS Security Update) 2021-005 Catalina (Sep 24, 2021)
- CoreGraphics:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: An integer overflow was addressed with improved input validation.
- CVE-2021-30860: The Citizen Lab
- CoreServices:
- Available for: macOS Catalina
- Impact: A sandboxed process may be able to circumvent sandbox restrictions
- Description: An access issue was addressed with improved access restrictions.
- CVE-2021-30783: an anonymous researcher, Ron Hass (@ronhass7) of Perception Point
- Entry added September 20, 2021
- CUPS:
- Available for: macOS Catalina
- Impact: A local attacker may be able to elevate their privileges
- Description: A permissions issue existed. This issue was addressed with improved permission validation.
- CVE-2021-30827: an anonymous researcher
- Entry added September 20, 2021
- CUPS:
- Available for: macOS Catalina
- Impact: A local user may be able to read arbitrary files as root
- Description: This issue was addressed with improved checks.
- CVE-2021-30828: an anonymous researcher
- Entry added September 20, 2021
- CUPS:
- Available for: macOS Catalina
- Impact: A local user may be able to execute arbitrary files
- Description: A URI parsing issue was addressed with improved parsing.
- CVE-2021-30829: an anonymous researcher
- Entry added September 20, 2021
- curl:
- Available for: macOS Catalina
- Impact: curl could potentially reveal sensitive internal information to the server using a clear-text network protocol
- Description: A buffer overflow was addressed with improved input validation.
- CVE-2021-22925:
- Entry added September 20, 2021
- CVMS:
- Available for: macOS Catalina
- Impact: A local attacker may be able to elevate their privileges
- Description: A memory corruption issue was addressed with improved state management.
- CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro
- Entry added September 20, 2021
- FontParser:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution
- Description: This issue was addressed with improved checks.
- CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
- CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
- CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
- Entry added September 20, 2021
- ImageIO:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: This issue was addressed with improved checks.
- CVE-2021-30835: Ye Zhang of Baidu Security
- CVE-2021-30847: Mike Zhang of Pangu Lab
- Entry added September 20, 2021
- Kernel:
- Available for: macOS Catalina
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2021-30830: Zweig of Kunlun Lab
- Entry added September 20, 2021
- Kernel:
- Available for: macOS Catalina
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2021-30865: Zweig of Kunlun Lab
- Entry added September 20, 2021
- Kernel:
- Available for: macOS Catalina
- Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges
- Description: A race condition was addressed with additional validation.
- CVE-2020-29622: Jordy Zomer of Certified Secure
- Entry added September 20, 2021
- Kernel:
- Available for: macOS Catalina
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: A race condition was addressed with improved locking.
- CVE-2021-30857: Zweig of Kunlun Lab
- Entry added September 20, 2021
- Kernel:
- Available for: macOS Catalina
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: A type confusion issue was addressed with improved state handling.
- CVE-2021-30859: Apple
- Entry added September 20, 2021
- libexpat:
- Available for: macOS Catalina
- Impact: A remote attacker may be able to cause a denial of service
- Description: This issue was addressed by updating expat to version 2.4.1.
- CVE-2013-0340: an anonymous researcher
- Entry added September 20, 2021
- Preferences:
- Available for: macOS Catalina
- Impact: An application may be able to access restricted files
- Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
- CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
- Entry added September 20, 2021
- Sandbox:
- Available for: macOS Catalina
- Impact: A user may gain access to protected parts of the file system
- Description: An access issue was addressed with improved access restrictions.
- CVE-2021-30850: an anonymous researcher
- Entry added September 20, 2021
- SMB:
- Available for: macOS Catalina
- Impact: A remote attacker may be able to leak memory
- Description: A logic issue was addressed with improved state management.
- CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs
- Entry added September 20, 2021
- TCC:
- Available for: macOS Catalina
- Impact: A malicious application may be able to bypass Privacy preferences
- Description: A permissions issue was addressed with improved validation.
- CVE-2021-30713: an anonymous researcher
New in Apple Security Update (macOS Security Update) 2021-005 Mojave (Aug 5, 2021)
- AMD Kernel:
- Available for: macOS Mojave
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved input validation.
- CVE-2021-30805: ABC Research s.r.o
- AppKit:
- Available for: macOS Mojave
- Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
- Description: An information disclosure issue was addressed by removing the vulnerable code.
- CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day Initiative
- Audio:
- Available for: macOS Mojave
- Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
- Description: This issue was addressed with improved checks.
- CVE-2021-30781: tr3e
- Bluetooth:
- Available for: macOS Mojave
- Impact: A malicious application may be able to gain root privileges
- Description: A memory corruption issue was addressed with improved state management.
- CVE-2021-30672: say2 of ENKI
- CoreStorage:
- Available for: macOS Mojave
- Impact: A malicious application may be able to gain root privileges
- Description: An injection issue was addressed with improved validation.
- CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc
- CoreText:
- Available for: macOS Mojave
- Impact: Processing a maliciously crafted font may result in the disclosure of process memory
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2021-30733: Sunglin from the Knownsec 404
- CVMS:
- Available for: macOS Mojave
- Impact: A malicious application may be able to gain root privileges
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications
- FontParser:
- Available for: macOS Mojave
- Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
- Description: An integer overflow was addressed through improved input validation.
- CVE-2021-30760: Sunglin of Knownsec 404 team
- FontParser:
- Available for: macOS Mojave
- Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
- Description: A stack overflow was addressed with improved input validation.
- CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative
- FontParser:
- Available for: macOS Mojave
- Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents
- Description: This issue was addressed with improved checks.
- CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative
- Intel Graphics Driver:
- Available for: macOS Mojave
- Impact: An application may be able to cause unexpected system termination or write kernel memory
- Description: This issue was addressed with improved checks.
- CVE-2021-30787: Anonymous working with Trend Micro Zero Day Initiative
- Intel Graphics Driver:
- Available for: macOS Mojave
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: An out-of-bounds write was addressed with improved input validation.
- CVE-2021-30765: Liu Long of Ant Security Light-Year Lab
- CVE-2021-30766: Liu Long of Ant Security Light-Year Lab
- Kernel:
- Available for: macOS Mojave
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A double free issue was addressed with improved memory management.
- CVE-2021-30703: an anonymous researcher
- Kernel:
- Available for: macOS Mojave
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A logic issue was addressed with improved state management.
- CVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab
- LaunchServices:
- Available for: macOS Mojave
- Impact: A malicious application may be able to break out of its sandbox
- Description: This issue was addressed with improved environment sanitization.
- CVE-2021-30677: Ron Waisberg (@epsilan)
- LaunchServices:
- Available for: macOS Mojave
- Impact: A sandboxed process may be able to circumvent sandbox restrictions
- Description: An access issue was addressed with improved access restrictions.
- CVE-2021-30783: Ron Waisberg (@epsilan)
- Model I/O:
- Available for: macOS Mojave
- Impact: Processing a maliciously crafted image may lead to a denial of service
- Description: A logic issue was addressed with improved validation.
- CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro
- Sandbox:
- Available for: macOS Mojave
- Impact: A malicious application may be able to access restricted files
- Description: This issue was addressed with improved checks.
- CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security
- WebKit:
- Available for: macOS Mojave
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2021-30799: Sergei Glazunov of Google Project Zero
New in Apple Security Update (macOS Security Update) 2021-002 Catalina (May 25, 2021)
- APFS:
- Available for: macOS Catalina
- Impact: A local user may be able to read arbitrary files
- Description: The issue was addressed with improved permissions logic.
- CVE-2021-1797: Thomas Tempelmann
- Archive Utility:
- Available for: macOS Catalina
- Impact: A malicious application may bypass Gatekeeper checks
- Description: A logic issue was addressed with improved state management.
- CVE-2021-1810: Rasmus Sten (@pajp) of F-Secure
- Audio:
- Available for: macOS Catalina
- Impact: An application may be able to read restricted memory
- Description: A memory corruption issue was addressed with improved validation.
- CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab
- CFNetwork:
- Available for: macOS Catalina
- Impact: Processing maliciously crafted web content may disclose sensitive user information
- Description: A memory initialization issue was addressed with improved memory handling.
- CVE-2021-1857: an anonymous researcher
- CoreAudio:
- Available for: macOS Catalina
- Impact: A malicious application may be able to read restricted memory
- Description: A memory corruption issue was addressed with improved validation.
- CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab
- CoreGraphics:
- Available for: macOS Catalina
- Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
- Description: A memory corruption issue was addressed with improved validation.
- CVE-2021-1847: Xuwei Liu of Purdue University
- CoreText:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted font may result in the disclosure of process memory
- Description: A logic issue was addressed with improved state management.
- CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab
- curl:
- Available for: macOS Catalina
- Impact: A malicious server may be able to disclose active services
- Description: This issue was addressed with improved checks.
- CVE-2020-8284: Marian Rehak
- Entry added May 6, 2021
- curl:
- Available for: macOS Catalina
- Impact: A remote attacker may be able to cause a denial of service
- Description: A buffer overflow was addressed with improved input validation.
- CVE-2020-8285: xnynx
- curl:
- Available for: macOS Catalina
- Impact: An attacker may provide a fraudulent OCSP response that would appear valid
- Description: This issue was addressed with improved checks.
- CVE-2020-8286: an anonymous researcher
- DiskArbitration:
- Available for: macOS Catalina
- Impact: A malicious application may be able to modify protected parts of the file system
- Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks.
- CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl (@theevilbit) of Offensive Security, and an anonymous researcher
- FontParser:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin of Trend Micro
- FontParser:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
- Description: A logic issue was addressed with improved state management.
- CVE-2020-27942: an anonymous researcher
- Foundation:
- Available for: macOS Catalina
- Impact: A malicious application may be able to gain root privileges
- Description: A validation issue was addressed with improved logic.
- CVE-2021-1813: Cees Elzinga
- Foundation:
- Available for: macOS Catalina
- Impact: An application may be able to gain elevated privileges
- Description: A memory corruption issue was addressed with improved validation.
- CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)
- ImageIO:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: This issue was addressed with improved checks.
- CVE-2021-1843: Ye Zhang of Baidu Security
- Intel Graphics Driver:
- Available for: macOS Catalina
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
- Kernel:
- Available for: macOS Catalina
- Impact: A malicious application may be able to disclose kernel memory
- Description: A memory initialization issue was addressed with improved memory handling.
- CVE-2021-1860: @0xalsr
- Kernel:
- Available for: macOS Catalina
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A logic issue was addressed with improved state management.
- CVE-2021-1851: @0xalsr
- Kernel:
- Available for: macOS Catalina
- Impact: A local attacker may be able to elevate their privileges
- Description: A memory corruption issue was addressed with improved validation.
- CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
- libxpc:
- Available for: macOS Catalina
- Impact: A malicious application may be able to gain root privileges
- Description: A race condition was addressed with additional validation.
- CVE-2021-30652: James Hutchins
- libxslt:
- Available for: macOS Catalina
- Impact: Processing a maliciously crafted file may lead to heap corruption
- Description: A double free issue was addressed with improved memory management.
- CVE-2021-1875: Found by OSS-Fuzz
- Login Window:
- Available for: macOS Catalina
- Impact: A malicious application with root privileges may be able to access private information
- Description: This issue was addressed with improved entitlements.
- CVE-2021-1824: Wojciech Reguła (@_r3ggi) of SecuRing
- NSRemoteView:
- Available for: macOS Catalina
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management.
- CVE-2021-1876: Matthew Denton of Google Chrome
- Preferences:
- Available for: macOS Catalina
- Impact: A local user may be able to modify protected parts of the file system
- Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
- CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
- CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)
- smbx:
- Available for: macOS Catalina
- Impact: An attacker in a privileged network position may be able to leak sensitive user information
- Description: An integer overflow was addressed with improved input validation.
- CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com)
- System Preferences:
- Available for: macOS Catalina
- Impact: A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.
- Description: A logic issue was addressed with improved state management.
- CVE-2021-30657: Cedric Owens (@cedowens)
- Entry added April 27, 2021, updated April 30, 2021
- Tailspin:
- Available for: macOS Catalina
- Impact: A local attacker may be able to elevate their privileges
- Description: A logic issue was addressed with improved state management.
- CVE-2021-1868: Tim Michaud of Zoom Communications
- tcpdump:
- Available for: macOS Catalina
- Impact: A remote attacker may be able to cause a denial of service
- Description: This issue was addressed with improved checks.
- CVE-2020-8037: an anonymous researcher
- Time Machine:
- Available for: macOS Catalina
- Impact: A local attacker may be able to elevate their privileges
- Description: The issue was addressed with improved permissions logic.
- CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc
- Wi-Fi:
- Available for: macOS Catalina
- Impact: An application may be able to cause unexpected system termination or write kernel memory
- Description: A memory corruption issue was addressed with improved validation.
- CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
- wifivelocityd:
- Available for: macOS Catalina
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: The issue was addressed with improved permissions logic.
- CVE-2020-3838: Dayton Pidhirney (@_watbulb)
- WindowServer:
- Available for: macOS Catalina
- Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields
- Description: An API issue in Accessibility TCC permissions was addressed with improved state management.
- CVE-2021-1873: an anonymous researcher
New in Apple Security Update (macOS Security Update) 2021-001 Catalina / 2021-002 Mojave (Feb 10, 2021)
- Analytics:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: A remote attacker may be able to cause a denial of service
- Description: This issue was addressed with improved checks.
- CVE-2021-1761: Cees Elzinga
- APFS:
- Available for: macOS Big Sur 11.0.1
- Impact: A local user may be able to read arbitrary files
- Description: The issue was addressed with improved permissions logic.
- CVE-2021-1797: Thomas Tempelmann
- CFNetwork Cache:
- Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: An integer overflow was addressed with improved input validation.
- CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team
- CoreAnimation:
- Available for: macOS Big Sur 11.0.1
- Impact: A malicious application could execute arbitrary code leading to compromise of user information
- Description: A memory corruption issue was addressed with improved state management.
- CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
- CoreAudio:
- Available for: macOS Big Sur 11.0.1
- Impact: Processing maliciously crafted web content may lead to code execution
- Description: An out-of-bounds write was addressed with improved input validation.
- CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
- CoreGraphics:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2021-1776: Ivan Fratric of Google Project Zero
- CoreMedia:
- Available for: macOS Big Sur 11.0.1
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
- CoreText:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: Processing a maliciously crafted text file may lead to arbitrary code execution
- Description: A stack overflow was addressed with improved input validation.
- CVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
- CoreText:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: A remote attacker may be able to cause arbitrary code execution
- Description: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
- Crash Reporter:
- Available for: macOS Catalina 10.15.7
- Impact: A remote attacker may be able to cause a denial of service
- Description: This issue was addressed with improved checks.
- CVE-2021-1761: Cees Elzinga
- Crash Reporter:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: A local attacker may be able to elevate their privileges
- Description: Multiple issues were addressed with improved logic.
- CVE-2021-1787: James Hutchins
- Crash Reporter:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: A local user may be able to create or modify system files
- Description: A logic issue was addressed with improved state management.
- CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
- Directory Utility:
- Available for: macOS Catalina 10.15.7
- Impact: A malicious application may be able to access private information
- Description: A logic issue was addressed with improved state management.
- CVE-2020-27937: Wojciech Reguła (@_r3ggi) of SecuRing
- Endpoint Security:
- Available for: macOS Catalina 10.15.7
- Impact: A local attacker may be able to elevate their privileges
- Description: A logic issue was addressed with improved state management.
- CVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response Center
- FairPlay:
- Available for: macOS Big Sur 11.0.1
- Impact: A malicious application may be able to disclose kernel memory
- Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
- CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
- FontParser:
- Available for: macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted font may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2021-1790: Peter Nguyen Vu Hoang of STAR Labs
- FontParser:
- Available for: macOS Mojave 10.14.6
- Impact: Processing a maliciously crafted font may lead to arbitrary code execution
- Description: This issue was addressed by removing the vulnerable code.
- CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro
- FontParser:
- Available for: macOS Mojave 10.14.6
- Impact: A remote attacker may be able to leak memory
- Description: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab
- FontParser:
- Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
- Impact: A remote attacker may be able to cause arbitrary code execution
- Description: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-1758: Peter Nguyen of STAR Labs
- ImageIO:
- Available for: macOS Big Sur 11.0.1
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An access issue was addressed with improved memory management.
- CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
- ImageIO:
- Available for: macOS Big Sur 11.0.1
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
- CVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative, Xingwei Lin of Ant Security Light-Year Lab
- ImageIO:
- Available for: macOS Big Sur 11.0.1
- Impact: Processing a maliciously crafted image may lead to a denial of service
- Description: A logic issue was addressed with improved state management.
- CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
- ImageIO:
- Available for: macOS Big Sur 11.0.1
- Impact: Processing a maliciously crafted image may lead to a denial of service
- Description: An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking.
- CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
- ImageIO:
- Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2021-1736: Xingwei Lin of Ant Security Light-Year Lab
- CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
- ImageIO:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: Processing a maliciously crafted image may lead to a denial of service
- Description: This issue was addressed with improved checks.
- CVE-2021-1766: Danny Rosseau of Carve Systems
- ImageIO:
- Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
- Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
- Description: A logic issue was addressed with improved state management.
- CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab
- ImageIO:
- Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: This issue was addressed with improved checks.
- CVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab
- CVE-2021-1746: Mickey Jin & Qi Sun of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab
- CVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab
- CVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab
- CVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab
- CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
- ImageIO:
- Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds write was addressed with improved input validation.
- CVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab
- CVE-2021-1738: Lei Sun
- CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
- IOKit:
- Available for: macOS Big Sur 11.0.1
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A logic error in kext loading was addressed with improved state handling.
- CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security
- IOSkywalkFamily:
- Available for: macOS Big Sur 11.0.1
- Impact: A local attacker may be able to elevate their privileges
- Description: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security, Proteas
- Kernel:
- Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.
- CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
- Kernel:
- Available for: macOS Big Sur 11.0.1
- Impact: A remote attacker may be able to cause a denial of service
- Description: A use after free issue was addressed with improved memory management.
- CVE-2021-1764: @m00nbsd
- Kernel:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
- Description: A race condition was addressed with improved locking.
- CVE-2021-1782: an anonymous researcher
- Kernel:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: Multiple issues were addressed with improved logic.
- CVE-2021-1750: @0xalsr
- Login Window:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: An attacker in a privileged network position may be able to bypass authentication policy
- Description: An authentication issue was addressed with improved state management.
- CVE-2020-29633: Jewel Lambert of Original Spin, LLC.
- Messages:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: A user that is removed from an iMessage group could rejoin the group
- Description: This issue was addressed with improved checks.
- CVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)
- Model I/O:
- Available for: macOS Big Sur 11.0.1
- Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
- Description: An out-of-bounds write was addressed with improved input validation.
- CVE-2021-1762: Mickey Jin of Trend Micro
- Model I/O:
- Available for: macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted file may lead to heap corruption
- Description: This issue was addressed with improved checks.
- CVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab
- Model I/O:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
- Description: A buffer overflow was addressed with improved bounds checking.
- CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
- Model I/O:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: Processing a maliciously crafted image may lead to heap corruption
- Description: This issue was addressed with improved checks.
- CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
- Model I/O:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
- Model I/O:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
- Model I/O:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
- Description: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
- NetFSFramework:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
- Description: A logic issue was addressed with improved state management.
- CVE-2021-1751: Mikko Kenttälä (@Turmio_) of SensorFu
- OpenLDAP:
- Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
- Impact: A remote attacker may be able to cause a denial of service
- Description: This issue was addressed with improved checks.
- CVE-2020-25709
- Power Management:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A malicious application may be able to elevate privileges
- Description: A logic issue was addressed with improved state management.
- CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan
- Screen Sharing:
- Available for: macOS Big Sur 11.0.1
- Impact: Multiple issues in pcre
- Description: Multiple issues were addressed by updating to version 8.44.
- CVE-2019-20838
- CVE-2020-14155
- SQLite:
- Available for: macOS Catalina 10.15.7
- Impact: Multiple issues in SQLite
- Description: Multiple issues were addressed by updating SQLite to version 3.32.3.
- CVE-2020-15358
- Swift:
- Available for: macOS Big Sur 11.0.1
- Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
- Description: A logic issue was addressed with improved validation.
- CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
- WebKit:
- Available for: macOS Big Sur 11.0.1
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management.
- CVE-2021-1788: Francisco Alonso (@revskills)
- WebKit:
- Available for: macOS Big Sur 11.0.1
- Impact: Maliciously crafted web content may violate iframe sandboxing policy
- Description: This issue was addressed with improved iframe sandbox enforcement.
- CVE-2021-1765: Eliya Stein of Confiant
- CVE-2021-1801: Eliya Stein of Confiant
- WebKit:
- Available for: macOS Big Sur 11.0.1
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A type confusion issue was addressed with improved state handling.
- CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
- WebKit:
- Available for: macOS Big Sur 11.0.1
- Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A logic issue was addressed with improved restrictions.
- CVE-2021-1871: an anonymous researcher
- CVE-2021-1870: an anonymous researcher
- WebRTC:
- Available for: macOS Big Sur 11.0.1
- Impact: A malicious website may be able to access restricted ports on arbitrary servers
- Description: A port redirection issue was addressed with additional port validation.
- CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar
New in Apple Security Update (macOS Security Update) 2020-001 Catalina / 2020-007 Mojave (Dec 17, 2020)
- AMD:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A malicious application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved input validation.
- CVE-2020-27914: Yu Wang of Didi Research America
- CVE-2020-27915: Yu Wang of Didi Research America
- App Store:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: An application may be able to gain elevated privileges
- Description: This issue was addressed by removing the vulnerable code.
- CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
- AppleGraphicsControl:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A validation issue was addressed with improved logic.
- CVE-2020-27941: shrek_wzw
- AppleMobileFileIntegrity:
- Available for: macOS Big Sur 11.0.1
- Impact: A malicious application may be able to bypass Privacy preferences
- Description: This issue was addressed with improved checks.
- CVE-2020-29621: Wojciech Reguła (@_r3ggi) of SecuRing
- Audio:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab
- Audio:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A malicious application may be able to read restricted memory
- Description: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab
- Audio:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: An application may be able to read restricted memory
- Description: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2020-9944: JunDong Xie of Ant Security Light-Year Lab
- Audio:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
- Description: An out-of-bounds write was addressed with improved input validation.
- CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
- Bluetooth:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A remote attacker may be able to cause unexpected application termination or heap corruption
- Description: Multiple integer overflows were addressed with improved input validation.
- CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
- CoreAudio:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
- Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab
- CoreAudio:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab
- CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab
- CoreAudio:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
- Description: An out-of-bounds write was addressed with improved input validation.
- CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab
- CoreText:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
- Description: A logic issue was addressed with improved state management.
- CVE-2020-27922: Mickey Jin of Trend Micro
- FontParser:
- Available for: macOS Big Sur 11.0.1
- Impact: Processing a maliciously crafted font may result in the disclosure of process memory
- Description: An information disclosure issue was addressed with improved state management.
- CVE-2020-27946: Mateusz Jurczyk of Google Project Zero
- FontParser:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: A buffer overflow was addressed with improved size validation.
- CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit)
- FontParser:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
- Description: An out-of-bounds write was addressed with improved input validation.
- CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro
- FontParser:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro’s Zero Day Initiative
- FontParser:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
- Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
- Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.
- CVE-2020-27931: Apple
- CVE-2020-27943: Mateusz Jurczyk of Google Project Zero
- CVE-2020-27944: Mateusz Jurczyk of Google Project Zero
- Foundation:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A local user may be able to read arbitrary files
- Description: A logic issue was addressed with improved state management.
- CVE-2020-10002: James Hutchins
- Graphics Drivers:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved input validation.
- CVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
- Graphics Drivers:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
- Impact: A malicious application may be able to execute arbitrary code with system privileges
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
- HomeKit:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: An attacker in a privileged network position may be able to unexpectedly alter application state
- Description: This issue was addressed with improved setting propagation.
- CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology
- Image Processing:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds write was addressed with improved input validation.
- CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab
- ImageIO:
- Available for: macOS Big Sur 11.0.1
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved input validation.
- CVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative
- ImageIO:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2020-27924: Lei Sun
- CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab
- ImageIO:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2020-29611: Ivan Fratric of Google Project Zero
- ImageIO:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
- Impact: Processing a maliciously crafted image may lead to heap corruption
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab
- CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab
- ImageIO:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds write was addressed with improved input validation.
- CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
- CVE-2020-27923: Lei Sun
- Intel Graphics Driver:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
- CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington
- Intel Graphics Driver:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
- Kernel:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A malicious application may be able to determine kernel memory layout
- Description: A logic issue was addressed with improved state management.
- CVE-2020-9974: Tommy Muir (@Muirey03)
- Kernel:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved state management.
- CVE-2020-10016: Alex Helie
- Kernel:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
- Description: Multiple memory corruption issues were addressed with improved input validation.
- CVE-2020-9967: Alex Plaskett (@alexjplaskett)
- Kernel:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A use after free issue was addressed with improved memory management.
- CVE-2020-9975: Tielei Wang of Pangu Lab
- Kernel:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A race condition was addressed with improved state handling.
- CVE-2020-27921: Linus Henze (pinauten.de)
- Kernel:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
- Impact: A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace
- Description: This issue was addressed with improved checks to prevent unauthorized actions.
- CVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure Mobile Networking Lab
- Kernel:
- Available for: macOS Big Sur 11.0.1
- Impact: A malicious application may be able to elevate privileges
- Description: This issue was addressed with improved entitlements.
- CVE-2020-29620: Csaba Fitzl (@theevilbit) of Offensive Security
- libxml2:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
- Description: An integer overflow was addressed through improved input validation.
- CVE-2020-27911: found by OSS-Fuzz
- libxml2:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing maliciously crafted web content may lead to code execution
- Description: A use after free issue was addressed with improved memory management.
- CVE-2020-27920: found by OSS-Fuzz
- libxml2:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management.
- CVE-2020-27926: found by OSS-Fuzz
- libxpc:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A malicious application may be able to break out of its sandbox
- Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
- CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
- Logging:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A local attacker may be able to elevate their privileges
- Description: A path handling issue was addressed with improved validation.
- CVE-2020-10010: Tommy Muir (@Muirey03)
- Model I/O:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
- Model I/O:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
- Description: A logic issue was addressed with improved state management.
- CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
- NSRemoteView:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A sandboxed process may be able to circumvent sandbox restrictions
- Description: A logic issue was addressed with improved restrictions.
- CVE-2020-27901: Thijs Alkemade of Computest Research Division
- Power Management:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A malicious application may be able to determine kernel memory layout
- Description: A logic issue was addressed with improved state management.
- CVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative
- Quick Look:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: Processing a maliciously crafted document may lead to a cross site scripting attack
- Description: An access issue was addressed with improved access restrictions.
- CVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)
- Ruby:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A remote attacker may be able to modify the file system
- Description: A path handling issue was addressed with improved validation.
- CVE-2020-27896: an anonymous researcher
- System Preferences:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: A sandboxed process may be able to circumvent sandbox restrictions
- Description: A logic issue was addressed with improved state management.
- CVE-2020-10009: Thijs Alkemade of Computest Research Division
- WebRTC:
- Available for: macOS Big Sur 11.0.1
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management.
- CVE-2020-15969: an anonymous researcher
- Wi-Fi:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
- Impact: An attacker may be able to bypass Managed Frame Protection
- Description: A denial of service issue was addressed with improved state handling.
- CVE-2020-27898: Stephan Marais of University of Johannesburg
New in Apple Security Update (macOS Security Update) 2020-006 Mojave / High Sierra (Nov 20, 2020)
- FontParser:
- Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
- Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.
- Description: A memory corruption issue was addressed with improved input validation.
- Kernel:
- Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.
- Description: A type confusion issue was addressed with improved state handling.
- Kernel:
- Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
- Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.
- Description: A memory initialization issue was addressed.
New in Apple Security Update (macOS Security Update) 2020-002 Mojave / 2020-002 High Sierra (May 27, 2020)
- Accounts:
- Available for: macOS Catalina 10.15.3
- Impact: A sandboxed process may be able to circumvent sandbox restrictions
- Description: A logic issue was addressed with improved restrictions.
- CVE-2020-9772: Allison Husain of UC Berkeley
- Entry added May 21, 2020
- Apple HSSPI Support:
- Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team
- Entry updated May 1, 2020
- AppleGraphicsControl:
- Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: Multiple memory corruption issues were addressed with improved state management.
- CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team
- AppleMobileFileIntegrity:
- Available for: macOS Catalina 10.15.3
- Impact: An application may be able to use arbitrary entitlements
- Description: This issue was addressed with improved checks.
- CVE-2020-3883: Linus Henze (pinauten.de)
- Bluetooth:
- Available for: macOS Catalina 10.15.3
- Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic
- Description: An issue existed with the use of a PRNG with low entropy. This issue was addressed with improved state management.
- CVE-2020-6616: Jörn Tillmanns (@matedealer) and Jiska Classen (@naehrdine) of Secure Mobile Networking Lab
- Entry added May 21, 2020
- Bluetooth:
- Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3
- Impact: A malicious application may be able to determine kernel memory layout
- Description: A memory corruption issue was addressed with improved validation.
- CVE-2020-9853: Yu Wang of Didi Research America
- Entry added May 21, 2020
- Bluetooth:
- Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3
- Impact: A local user may be able to cause unexpected system termination or read kernel memory
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2020-3907: Yu Wang of Didi Research America
- CVE-2020-3908: Yu Wang of Didi Research America
- CVE-2020-3912: Yu Wang of Didi Research America
- Bluetooth:
- Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved input validation.
- CVE-2020-3892: Yu Wang of Didi Research America
- CVE-2020-3893: Yu Wang of Didi Research America
- CVE-2020-3905: Yu Wang of Didi Research America
- Bluetooth:
- Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6
- Impact: An application may be able to read restricted memory
- Description: A validation issue was addressed with improved input sanitization.
- CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab
- Call History:
- Available for: macOS Catalina 10.15.3
- Impact: A malicious application may be able to access a user's call history
- Description: This issue was addressed with a new entitlement.
- CVE-2020-9776: Benjamin Randazzo (@____benjamin)
- CoreBluetooth:
- Available for: macOS Catalina 10.15.3
- Impact: A remote attacker may be able to leak sensitive user information
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2020-9828: Jianjun Dai of Qihoo 360 Alpha Lab
- Entry added May 13, 2020
- CoreFoundation:
- Available for: macOS Catalina 10.15.3
- Impact: A malicious application may be able to elevate privileges
- Description: A permissions issue existed. This issue was addressed with improved permission validation.
- CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
- CoreText:
- Available for: macOS Catalina 10.15.3
- Impact: Processing a maliciously crafted text message may lead to application denial of service
- Description: A validation issue was addressed with improved input sanitization.
- CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com
- Entry added May 21, 2020
- CUPS:
- Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3
- Impact: An application may be able to gain elevated privileges
- Description: A memory corruption issue was addressed with improved validation.
- CVE-2020-3898: Stephan Zeisberg (github.com/stze) of Security Research Labs (srlabs.de)
- Entry added April 8, 2020
- FaceTime:
- Available for: macOS Catalina 10.15.3
- Impact: A local user may be able to view sensitive user information
- Description: A logic issue was addressed with improved state management.
- CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion - Israel Institute of Technology
- Icons:
- Available for: macOS Catalina 10.15.3
- Impact: A malicious application may be able to identify what other applications a user has installed
- Description: The issue was addressed with improved handling of icon caches.
- CVE-2020-9773: Chilik Tamir of Zimperium zLabs
- Intel Graphics Driver:
- Available for: macOS Catalina 10.15.3
- Impact: A malicious application may disclose restricted memory
- Description: An information disclosure issue was addressed with improved state management.
- CVE-2019-14615: Wenjian HE of Hong Kong University of Science and Technology, Wei Zhang of Hong Kong University of Science and Technology, Sharad Sinha of Indian Institute of Technology Goa, and Sanjeev Das of University of North Carolina
- IOHIDFamily:
- Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: A memory initialization issue was addressed with improved memory handling.
- CVE-2020-3919: Alex Plaskett of F-Secure Consulting
- Entry updated May 21, 2020
- IOThunderboltFamily:
- Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6
- Impact: An application may be able to gain elevated privileges
- Description: A use after free issue was addressed with improved memory management.
- CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington
- Kernel:
- Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3
- Impact: An application may be able to read restricted memory
- Description: A memory initialization issue was addressed with improved memory handling.
- CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
- Kernel:
- Available for: macOS Catalina 10.15.3
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: Multiple memory corruption issues were addressed with improved state management.
- CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
- libxml2:
- Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3
- Impact: Multiple issues in libxml2
- Description: A buffer overflow was addressed with improved bounds checking.
- CVE-2020-3909: LGTM.com
- CVE-2020-3911: found by OSS-Fuzz
- libxml2:
- Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3
- Impact: Multiple issues in libxml2
- Description: A buffer overflow was addressed with improved size validation.
- CVE-2020-3910: LGTM.com
- Mail:
- Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3
- Impact: A remote attacker may be able to cause arbitrary javascript code execution
- Description: An injection issue was addressed with improved validation.
- CVE-2020-3884: Apple
- Printing:
- Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3
- Impact: A malicious application may be able to overwrite arbitrary files
- Description: A path handling issue was addressed with improved validation.
- CVE-2020-3915: An anonymous researcher working with iDefense Labs (https://vcp.idefense.com/), HyungSeok Han (DaramG) @Theori working with TrendMicro’s Zero Day Initiative
- Entry added May 1, 2020
- Safari:
- Available for: macOS Catalina 10.15.3
- Impact: A user's private browsing activity may be unexpectedly saved in Screen Time
- Description: An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling.
- CVE-2020-9775: Andrian (@retroplasma), Marat Turaev, Marek Wawro (futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland
- Entry added May 13, 2020
- Sandbox:
- Available for: macOS Catalina 10.15.3
- Impact: A user may gain access to protected parts of the file system
- Description: This issue was addressed with a new entitlement.
- CVE-2020-9771: Csaba Fitzl (@theevilbit) of Offensive Security
- Entry added May 21, 2020
- Sandbox:
- Available for: macOS Catalina 10.15.3
- Impact: A local user may be able to view sensitive user information
- Description: An access issue was addressed with additional sandbox restrictions.
- CVE-2020-3918: an anonymous researcher, Augusto Alvarez of Outcourse Limited
- Entry added April 8, 2020, updated May 21, 2020
- sudo:
- Available for: macOS Catalina 10.15.3
- Impact: An attacker may be able to run commands as a non-existent user
- Description: This issue was addressed by updating to sudo version 1.8.31.
- CVE-2019-19232
- sysdiagnose:
- Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6
- Impact: An application may be able to trigger a sysdiagnose
- Description: This issue was addressed with improved checks
- CVE-2020-9786: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo)
- Entry added April 4, 2020
- TCC:
- Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3
- Impact: A maliciously crafted application may be able to bypass code signing enforcement
- Description: A logic issue was addressed with improved restrictions.
- CVE-2020-3906: Patrick Wardle of Jamf
- Time Machine:
- Available for: macOS Catalina 10.15.3
- Impact: A local user may be able to read arbitrary files
- Description: A logic issue was addressed with improved state management.
- CVE-2020-3889: Lasse Trolle Borup of Danish Cyber Defence
- Vim:
- Available for: macOS Catalina 10.15.3
- Impact: Multiple issues in Vim
- Description: Multiple issues were addressed by updating to version 8.1.1850.
- CVE-2020-9769: Steve Hahn from LinkedIn
- WebKit:
- Available for: macOS Catalina 10.15.3
- Impact: Some websites may not have appeared in Safari Preferences
- Description: A logic issue was addressed with improved restrictions.
- CVE-2020-9787: Ryan Pickren (ryanpickren.com)
- Entry added April 8, 2020
- Additional recognition
- CoreText:
- We would like to acknowledge an anonymous researcher for their assistance.
- FireWire Audio:
- We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington for their assistance.
- FontParser:
- We would like to acknowledge Matthew Denton of Google Chrome for their assistance.
- Install Framework Legacy:
- We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch of UAL Creative Computing Institute, and an anonymous researcher for their assistance.
- LinkPresentation:
- We would like to acknowledge Travis for their assistance.
- OpenSSH:
- We would like to acknowledge an anonymous researcher for their assistance.
- rapportd:
- We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of Technische Universität Darmstadt for their assistance.
- Sidecar:
- We would like to acknowledge Rick Backley (@rback_sec) for their assistance.
- sudo:
- We would like to acknowledge Giorgio Oppo (linkedin.com/in/giorgio-oppo/) for their assistance.
New in Apple Security Update (macOS Security Update) 2018-004 (Jul 10, 2018)
- SECURITY FIXES:
- AMD:
- Available for: macOS High Sierra 10.13.5
- Impact: A malicious application may be able to determine kernel memory layout
- Description: An information disclosure issue was addressed by removing the vulnerable code.
- CVE-2018-4289: shrek_wzw of Qihoo 360 Nirvan Team
- APFS:
- Available for: macOS High Sierra 10.13.5
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2018-4268: Mac working with Trend Micro's Zero Day Initiative
- ATS:
- Available for: macOS High Sierra 10.13.5
- Impact: A malicious application may be able to gain root privileges
- Description: A type confusion issue was addressed with improved memory handling.
- CVE-2018-4285: Mohamed Ghannam (@_simo36)
- CFNetwork:
- Available for: macOS High Sierra 10.13.5
- Impact: Cookies may unexpectedly persist in Safari
- Description: A cookie management issue was addressed with improved checks.
- CVE-2018-4293: an anonymous researcher
- CoreCrypto:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
- Impact: A malicious application may be able to break out of its sandbox
- Description: A memory corruption issue was addressed with improved input validation.
- CVE-2018-4269: Abraham Masri (@cheesecakeufo)
- DesktopServices:
- Available for: macOS Sierra 10.12.6
- Impact: A local user may be able to view sensitive user information
- Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation.
- CVE-2018-4178: Arjen Hendrikse
- IOGraphics:
- Available for: macOS High Sierra 10.13.5
- Impact: A local user may be able to read kernel memory
- Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
- CVE-2018-4283: @panicaII working with Trend Micro's Zero Day Initiative
- Kernel:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5
- Impact: Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel
- Description: Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value.
- An information disclosure issue was addressed with FP/SIMD register state sanitization.
- CVE-2018-3665: Julian Stecklina of Amazon Germany, Thomas Prescher of Cyberus Technology GmbH (cyberus-technology.de), Zdenek Sojka of SYSGO AG (sysgo.com), and Colin Percival
- libxpc:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5
- Impact: An application may be able to gain elevated privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2018-4280: Brandon Azad
- libxpc:
- Available for: macOS High Sierra 10.13.5
- Impact: A malicious application may be able to read restricted memory
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2018-4248: Brandon Azad
- LinkPresentation:
- Available for: macOS High Sierra 10.13.5
- Impact: Visiting a malicious website may lead to address bar spoofing
- Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
- CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)
New in Apple Security Update (macOS Security Update) 2018-002 (Mar 30, 2018)
- SECURITY FIXES:
- Admin Framework:
- Available for: macOS High Sierra 10.13.3
- Impact: Passwords supplied to sysadminctl may be exposed to other local users
- Description: The sysadminctl command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. This update makes the password parameter optional, and sysadminctl will prompt for the password if needed.
- CVE-2018-4170: an anonymous researcher
- APFS:
- Available for: macOS High Sierra 10.13.3
- Impact: An APFS volume password may be unexpectedly truncated
- Description: An injection issue was addressed through improved input validation.
- CVE-2018-4105: David J Beitey (@davidjb_), Geoffrey Bugniot
- ATS:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3
- Impact: Processing a maliciously crafted file might disclose user information
- Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.
- CVE-2018-4112: Haik Aftandilian of Mozilla
- CFNetwork Session:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
- Impact: An application may be able to gain elevated privileges
- Description: A race condition was addressed with additional validation.
- CVE-2018-4166: Samuel Groß (@5aelo)
- CoreFoundation:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3
- Impact: An application may be able to gain elevated privileges
- Description: A race condition was addressed with additional validation.
- CVE-2018-4155: Samuel Groß (@5aelo)
- CVE-2018-4158: Samuel Groß (@5aelo)
- CoreText:
- Available for: macOS High Sierra 10.13.3
- Impact: Processing a maliciously crafted string may lead to a denial of service
- Description: A denial of service issue was addressed through improved memory handling.
- CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
- CoreTypes:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
- Impact: Processing a maliciously crafted webpage may result in the mounting of a disk image
- Description: A logic issue was addressed with improved restrictions.
- CVE-2017-13890: Apple, Theodor Ragnar Gislason of Syndis
- curl:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
- Impact: Multiple issues in curl
- Description: An integer overflow existed in curl. This issue was addressed through improved bounds checking.
- CVE-2017-8816: an anonymous researcher
- Disk Images:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3
- Impact: Mounting a malicious disk image may result in the launching of an application
- Description: A logic issue was addressed with improved validation.
- CVE-2018-4176: Theodor Ragnar Gislason of Syndis
- Disk Management:
- Available for: macOS High Sierra 10.13.3
- Impact: An APFS volume password may be unexpectedly truncated
- Description: An injection issue was addressed through improved input validation.
- CVE-2018-4108: Kamatham Chaitanya of ShiftLeft Inc., an anonymous researcher
- File System Events:
- Available for: macOS High Sierra 10.13.3
- Impact: An application may be able to gain elevated privileges
- Description: A race condition was addressed with additional validation.
- CVE-2018-4167: Samuel Groß (@5aelo)
- iCloud Drive:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3
- Impact: An application may be able to gain elevated privileges
- Description: A race condition was addressed with additional validation.
- CVE-2018-4151: Samuel Groß (@5aelo)
- Intel Graphics Driver:
- Available for: macOS High Sierra 10.13.3
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2018-4132: Axis and pjf of IceSword Lab of Qihoo 360
- IOFireWireFamily:
- Available for: macOS High Sierra 10.13.3
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2018-4135: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
- Kernel:
- Available for: macOS High Sierra 10.13.3
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4150: an anonymous researcher
- Kernel:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3
- Impact: An application may be able to read restricted memory
- Description: A validation issue was addressed with improved input sanitization.
- CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
- Kernel:
- Available for: macOS High Sierra 10.13.3
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2018-4143: derrek (@derrekr6)
- Kernel:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: An out-of-bounds read was addressed through improved bounds checking.
- CVE-2018-4136: Jonas Jensen of lgtm.com and Semmle
- Kernel:
- Available for: macOS High Sierra 10.13.3
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: An out-of-bounds read was addressed through improved bounds checking.
- CVE-2018-4160: Jonas Jensen of lgtm.com and Semmle
- kext tools:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.
- CVE-2018-4139: Ian Beer of Google Project Zero
- LaunchServices:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3
- Impact: A maliciously crafted application may be able to bypass code signing enforcement
- Description: A logic issue was addressed with improved validation.
- CVE-2018-4175: Theodor Ragnar Gislason of Syndis
- Mail:
- Available for: macOS High Sierra 10.13.3
- Impact: An attacker in a privileged network position may be able to exfiltrate the contents of S/MIME-encrypted e-mail
- Description: An issue existed in the handling of S/MIME HTML e-mail. This issue was addressed by not loading remote resources on S/MIME encrypted messages by default if the message has an invalid or missing S/MIME signature.
- CVE-2018-4111: an anonymous researcher
- Mail:
- Available for: macOS High Sierra 10.13.3
- Impact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail
- Description: An inconsistent user interface issue was addressed with improved state management.
- CVE-2018-4174: an anonymous researcher, an anonymous researcher
- Notes:
- Available for: macOS High Sierra 10.13.3
- Impact: An application may be able to gain elevated privileges
- Description: A race condition was addressed with additional validation.
- CVE-2018-4152: Samuel Groß (@5aelo)
- NSURLSession:
- Available for: macOS High Sierra 10.13.3
- Impact: An application may be able to gain elevated privileges
- Description: A race condition was addressed with additional validation.
- CVE-2018-4166: Samuel Groß (@5aelo)
- NVIDIA Graphics Drivers:
- Available for: macOS High Sierra 10.13.3
- Impact: An application may be able to read restricted memory
- Description: A validation issue was addressed with improved input sanitization.
- CVE-2018-4138: Axis and pjf of IceSword Lab of Qihoo 360
- PDFKit:
- Available for: macOS High Sierra 10.13.3
- Impact: Clicking a URL in a PDF may visit a malicious website
- Description: An issue existed in the parsing of URLs in PDFs. This issue was addressed through improved input validation.
- CVE-2018-4107: an anonymous researcher
- PluginKit:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3
- Impact: An application may be able to gain elevated privileges
- Description: A race condition was addressed with additional validation.
- CVE-2018-4156: Samuel Groß (@5aelo)
- Quick Look:
- Available for: macOS High Sierra 10.13.3
- Impact: An application may be able to gain elevated privileges
- Description: A race condition was addressed with additional validation.
- CVE-2018-4157: Samuel Groß (@5aelo)
- Security:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved size validation.
- CVE-2018-4144: Abraham Masri (@cheesecakeufo)
- Storage:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3
- Impact: An application may be able to gain elevated privileges
- Description: A race condition was addressed with additional validation.
- CVE-2018-4154: Samuel Groß (@5aelo)
- System Preferences:
- Available for: macOS High Sierra 10.13.3
- Impact: A configuration profile may incorrectly remain in effect after removal
- Description: An issue existed in CFPreferences. This issue was addressed through improved preferences cleanup.
- CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera
- Terminal:
- Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3
- Impact: Pasting malicious content may lead to arbitrary command execution spoofing
- Description: A command injection issue existed in the handling of Bracketed Paste Mode. This issue was addressed through improved validation of special characters.
- CVE-2018-4106: Simon Hosie
- WindowServer:
- Available for: macOS High Sierra 10.13.3
- Impact: An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled
- Description: By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management.
- CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH
New in Apple Security Update (macOS Security Update) 2017-001 (For High Sierra 10.13 / 10.13.1) (Nov 30, 2017)
- SECURITY FIXES:
- Directory Utility:
- Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
- Not impacted: macOS Sierra 10.12.6 and earlier
- Impact: An attacker may be able to bypass administrator authentication without supplying the administrator's password
- Description: A logic error existed in the validation of credentials.
- This was addressed with improved credential validation.
- CVE-2017-13872
- To confirm that your Mac has Security Update 2017-001:
- 1. Open the Terminal app, which is in the Utilities folder of your Applications folder.
- 2. Type "what /usr/libexec/opendirectoryd" and press Return.
- 3. If Security Update 2017-001 was installed successfully, you will see one of these project version numbers:
- opendirectoryd-483.1.5 on macOS High Sierra 10.13
- opendirectoryd-483.20.7 on macOS High Sierra 10.13.1
- If you require the root user account on your Mac, see https://support.apple.com/HT204012 for information on how to re-enable the root user and change the root user's password.
New in Apple Security Update (macOS Security Update) 2016-005 (Sep 1, 2016)
- SECURITY FIXES:
- Kernel:
- Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
- Impact: An application may be able to disclose kernel memory
- Description: A validation issue was addressed through improved input sanitization.
- CVE-2016-4655: Citizen Lab and Lookout
- Kernel:
- Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed through improved memory handling.
- CVE-2016-4656: Citizen Lab and Lookout
New in Apple Security Update (macOS Security Update) 2016-003 (May 16, 2016)
- AMD:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed through improved memory handling.
- AMD:
- Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later
- Impact: An application may be able to determine kernel memory layout
- Description: An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking.
- apache_mod_php:
- Available for: OS X El Capitan v10.11 and later
- Impact: Multiple vulnerabilities in PHP
- Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.34. These were addressed by updating PHP to version 5.5.34.
- AppleGraphicsControl:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A null pointer dereference was addressed through improved validation.
- AppleGraphicsPowerManagement:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed through improved memory handling.
- ATS:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to determine kernel memory layout
- Description: An out of bounds memory access issue was addressed through improved memory handling.
- ATS:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: An issue existed in the sandbox policy. This was addressed by sandboxing FontValidator.
- Audio:
- Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
- Impact: An application may be able to cause a denial of service
- Description: A null pointer dereference was addressed through improved validation.
- Audio:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed through improved input validation.
- Captive Network Assistant:
- Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later
- Impact: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
- Description: A custom URL scheme handling issue was addressed through improved input validation.
- CFNetwork Proxies:
- Available for: OS X El Capitan v10.11 and later
- Impact: An attacker in a privileged network position may be able to leak sensitive user information
- Description: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling.
- CommonCrypto:
- Available for: OS X El Capitan v10.11 and later
- Impact: A malicious application may be able to leak sensitive user information
- Description: An issue existed in the handling of return values in CCCrypt. This issue was addressed through improved key length management.
- CoreCapture:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A null pointer dereference was addressed through improved validation.
- CoreStorage:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A configuration issue was addressed through additional restrictions.
- Crash Reporter:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with root privileges
- Description: A configuration issue was addressed through additional restrictions.
- Disk Images:
- Available for: OS X El Capitan v10.11 and later
- Impact: A local attacker may be able to read kernel memory
- Description: A race condition was addressed through improved locking.
- Disk Images:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.
- Disk Utility:
- Available for: OS X El Capitan v10.11 and later
- Impact: Disk Utility failed to compress and encrypt disk images
- Description: Incorrect keys were being used to encrypt disk images. This issue was addressed by updating the encryption keys.
- Graphics Drivers:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- ImageIO:
- Available for: OS X El Capitan v10.11 and later
- Impact: Processing a maliciously crafted image may lead to a denial of service
- Description: A null pointer dereference was addressed through improved validation.
- Intel Graphics Driver:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A buffer overflow was addressed through improved bounds checking.
- IOAcceleratorFamily:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to cause a denial of service
- Description: A null pointer dereference was addressed through improved locking.
- IOAcceleratorFamily:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- IOAcceleratorFamily:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A null pointer dereference was addressed through improved validation.
- IOAudioFamily:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A buffer overflow was addressed with improved bounds checking.
- IOAudioFamily:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A null pointer dereference was addressed through improved validation.
- IOFireWireFamily:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed through improved memory handling.
- IOHIDFamily:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed through improved memory handling.
- IOHIDFamily:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- Kernel:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- Kernel:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: An integer overflow existed in dtrace. This issue was addressed through improved bounds checking.
- libc:
- Available for: OS X El Capitan v10.11 and later
- Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
- Description: A memory corruption issue was addressed through improved input validation.
- libxml2:
- Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later
- Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- libxslt:
- Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later
- Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
- Description: A memory corruption issue was addressed through improved memory handling.
- MapKit:
- Available for: OS X El Capitan v10.11 and later
- Impact: An attacker in a privileged network position may be able to leak sensitive user information
- Description: Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links.
- Messages:
- Available for: OS X El Capitan v10.11 and later
- Impact: A malicious server or user may be able to modify another user's contact list
- Description: A validation issue existed in roster changes. This issue was addressed through improved validation of roster sets.
- Messages:
- Available for: OS X El Capitan v10.11 and later
- Impact: A remote attacker may be able to leak sensitive user information
- Description: An encoding issue existed in filename parsing. This issue was addressed through improved filename encoding.
- Multi-Touch:
- Available for: OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed through improved memory handling.
- NVIDIA Graphics Drivers:
- Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- OpenGL:
- Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- QuickTime:
- Available for: OS X El Capitan v10.11 and later
- Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
- Description: A memory corruption issue was addressed through improved memory handling.
- SceneKit:
- Available for: OS X El Capitan v10.11 and later
- Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
- Description: A memory corruption issue was addressed through improved memory handling.
- Screen Lock:
- Available for: OS X El Capitan v10.11 and later
- Impact: A person with physical access to a computer may be able to reset an expired password from the lock screen
- Description: An issue existed in the management of password profiles. This issue was addressed through improved password reset handling.
- Tcl:
- Available for: OS X El Capitan v10.11 and later
- Impact: An attacker in a privileged network position may be able to leak sensitive user information
- Description: A protocol security issue was addressed by disabling SSLv2.
New in Apple Security Update (macOS Security Update) 2016-002 (Mar 21, 2016)
- apache_mod_php:
- Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution
- Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20.
- AppleRAID:
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed through improved input validation.
- Impact: A local user may be able to determine kernel memory layout
- Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.
- AppleUSBNetworking:
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation.
- Bluetooth:
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- Carbon:
- Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution
- Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.
- dyld:
- Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context
- Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation.
- FontParser:
- Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue was addressed through improved memory handling.
- HTTPProtocol:
- Impact: A remote attacker may be able to execute arbitrary code
- Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0.
- Intel Graphics Driver:
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- IOFireWireFamily:
- Impact: A local user may be able to cause a denial of service
- Description: A null pointer dereference was addressed through improved validation.
- IOGraphics:
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed through improved input validation.
- IOHIDFamily:
- Impact: An application may be able to determine kernel memory layout
- Description: A memory corruption issue was addressed through improved memory handling.
- IOUSBFamily:
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- Kernel:
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A use after free issue was addressed through improved memory management.
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A race condition existed during the creation of new processes. This was addressed through improved state handling.
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A null pointer dereference was addressed through improved input validation.
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- Impact: An application may be able to determine kernel memory layout
- Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: Multiple integer overflows were addressed through improved input validation.
- Impact: An application may be able to cause a denial of service
- Description: A denial of service issue was addressed through improved validation.
- Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- Messages:
- Impact: Clicking a JavaScript link can reveal sensitive user information
- Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks.
- Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments
- Description: A cryptographic issue was addressed by rejecting duplicate messages on the client.
- NVIDIA Graphics Drivers:
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- OpenSSH:
- Impact: Connecting to a server may leak sensitive user information, such as a client's private keys
- Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client.
- Impact: Multiple vulnerabilities in LibreSSL
- Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8.
- Impact: A remote attacker may be able to cause a denial of service
- Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh.
- Python:
- Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution
- Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20.
- QuickTime:
- Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- Reminders:
- Impact: Clicking a tel link can make a call without prompting the user
- Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks.
- Ruby:
- Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
- Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648.
- Security:
- Impact: A local user may be able to check for the existence of arbitrary files
- Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks.
- Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
- Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation.
- Tcl:
- Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution
- Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by removing libpng.
- TrueTypeScaler:
- Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
- Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
- Wi-Fi:
- Impact: An attacker with a privileged network position may be able to execute arbitrary code
- Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling.
New in Apple Security Update (macOS Security Update) 2016-001 (Jan 19, 2016)
- Recommended for all users and improves the security of OS X.
New in Apple Security Update (macOS Security Update) 2015-002 Mac EFI Security Update (Oct 22, 2015)
- This firmware update improves security of Mac systems by addressing an issue where EFI could potentially be overwritten without authorization.
New in Apple Security Update (macOS Security Update) 2015-007 (Oct 21, 2015)
- For detailed information about the security content of this update, please visit https://support.apple.com/en-us/HT205375.
New in Apple Security Update (macOS Security Update) 2015-006 (Aug 13, 2015)
- Improves the security of OS X.
- Detailed information about the contents of this security update are available at https://support.apple.com/en-us/HT205031.
New in Apple Security Update (macOS Security Update) 2015-005 (Jun 30, 2015)
- Admin Framework:
- Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: A process may gain admin privileges without proper authentication
- Description: An issue existed when checking XPC entitlements. This issue was addressed through improved entitlement checking.
- CVE-ID
- CVE-2015-3671 : Emil Kvarnhammar at TrueSec
- Admin Framework:
- Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: A non-admin user may obtain admin rights
- Description: An issue existed in the handling of user authentication. This issue was addressed through improved error checking.
- CVE-ID
- CVE-2015-3672 : Emil Kvarnhammar at TrueSec
- Admin Framework:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: An attacker may abuse Directory Utility to gain root privileges
- Description: Directory Utility was able to be moved and modified to achieve code execution within an entitled process. This issue was addressed by limiting the disk location that writeconfig clients may be executed from.
- CVE-ID
- CVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec
- afpserver:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
- Description: A memory corruption issue existed in the AFP server. This issue was addressed through improved memory handling.
- CVE-ID
- CVE-2015-3674 : Dean Jerkovich of NCC Group
- apache:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials
- Description: The default Apache configuration did not include mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. This issue was addressed by enabling mod_hfs_apple.
- CVE-ID
- CVE-2015-3675 : Apple
- apache:
- Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: Multiple vulnerabilities exist in PHP, the most serious of which may lead to arbitrary code execution
- Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.24 and 5.4.40. These were addressed by updating PHP to versions 5.5.24 and 5.4.40.
- CVE-ID
- CVE-2015-0235
- CVE-2015-0273
- AppleGraphicsControl:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to determine kernel memory layout
- Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking.
- CVE-ID
- CVE-2015-3676 : Chen Liang of KEEN Team
- AppleFSCompression:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to determine kernel memory layout
- Description: An issue existed in LZVN compression that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling.
- CVE-ID
- CVE-2015-3677 : an anonymous researcher working with HP's Zero Day Initiative
- AppleThunderboltEDMService:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue existed in the handling of certain Thunderbolt commands from local processes. This issue was addressed through improved memory handling.
- CVE-ID
- CVE-2015-3678 : Apple
- ATS:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues existed in handling of certain fonts. These issues were addressed through improved memory handling.
- CVE-ID
- CVE-2015-3679 : Pawel Wylecial working with HP's Zero Day Initiative
- CVE-2015-3680 : Pawel Wylecial working with HP's Zero Day Initiative
- CVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team
- CVE-2015-3682 : 魏诺德
- Bluetooth:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling.
- CVE-ID
- CVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze Networks
- Certificate Trust Policy:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: An attacker with a privileged network position may be able to intercept network traffic
- Description: An intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to trust only a subset of certificates issued prior to the mis-issuance of the intermediate. You can learn more about the security partial trust allow list.
- Certificate Trust Policy:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Description: The certificate trust policy was updated. The complete list of certificates may be viewed at the OS X Trust Store.
- CFNetwork HTTPAuthentication:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: Following a maliciously crafted URL may lead to arbitrary code execution
- Description: A memory corruption issue existed in handling of certain URL credentials. This issue was addressed through improved memory handling.
- CVE-ID
- CVE-2015-3684 : Apple
- CoreText:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: Processing a maliciously crafted text file may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking.
- CVE-ID
- CVE-2015-1157
- CVE-2015-3685 : Apple
- CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team
- CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team
- CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team
- CVE-2015-3689 : Apple
- coreTLS:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: An attacker with a privileged network position may intercept SSL/TLS connections
- Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits.
- CVE-ID
- CVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck
- DiskImages:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to determine kernel memory layout
- Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management.
- CVE-ID
- CVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative
- Display Drivers:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to execute arbitrary code with system privileges
- Description: An issue existed in the Monitor Control Command Set kernel extension by which a userland process could control the value of a function pointer within the kernel. The issue was addressed by removing the affected interface.
- CVE-ID
- CVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze Networks
- EFI:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application with root privileges may be able to modify EFI flash memory
- Description: An insufficient locking issue existed with EFI flash when resuming from sleep states. This issue was addressed through improved locking.
- CVE-ID
- CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaça
- EFI:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may induce memory corruption to escalate privileges
- Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates.
- CVE-ID
- CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014)
- FontParser:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
- CVE-ID
- CVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team
- Graphics Driver:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to execute arbitrary code with system privileges
- Description: An out of bounds write issue existed in NVIDIA graphics driver. This issue was addressed through improved bounds checking.
- CVE-ID
- CVE-2015-3712 : Ian Beer of Google Project Zero
- Intel Graphics Driver:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: Multiple buffer overflow issues exist in the Intel graphics driver, the most serious of which may lead to arbitrary code execution with system privileges
- Description: Multiple buffer overflow issues existed in the Intel graphics driver. These were addressed through additional bounds checks.
- CVE-ID
- CVE-2015-3695 : Ian Beer of Google Project Zero
- CVE-2015-3696 : Ian Beer of Google Project Zero
- CVE-2015-3697 : Ian Beer of Google Project Zero
- CVE-2015-3698 : Ian Beer of Google Project Zero
- CVE-2015-3699 : Ian Beer of Google Project Zero
- CVE-2015-3700 : Ian Beer of Google Project Zero
- CVE-2015-3701 : Ian Beer of Google Project Zero
- CVE-2015-3702 : KEEN Team
- ImageIO:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code execution
- Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. They were addressed by updating libtiff to version 4.0.4.
- CVE-ID
- CVE-2014-8127
- CVE-2014-8128
- CVE-2014-8129
- CVE-2014-8130
- ImageIO:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking.
- CVE-ID
- CVE-2015-3703 : Apple
- Install Framework Legacy:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to execute arbitrary code with system privileges
- Description: Several issues existed in how Install.framework's 'runner' setuid binary dropped privileges. This was addressed by properly dropping privileges.
- CVE-ID
- CVE-2015-3704 : Ian Beer of Google Project Zero
- IOAcceleratorFamily:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to execute arbitrary code with system privileges
- Description: Multiple memory corruption issues existed in IOAcceleratorFamily. These issues were addressed through improved memory handling.
- CVE-ID
- CVE-2015-3705 : KEEN Team
- CVE-2015-3706 : KEEN Team
- IOFireWireFamily:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to execute arbitrary code with system privileges
- Description: Multiple null pointer dereference issues existed in the FireWire driver. These issues were addressed through improved error checking.
- CVE-ID
- CVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze Networks
- Kernel:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to determine kernel memory layout
- Description: A memory management issue existed in the handling of APIs related to kernel extensions which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management.
- CVE-ID
- CVE-2015-3720 : Stefan Esser
- Kernel:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to determine kernel memory layout
- Description: A memory management issue existed in the handling of HFS parameters which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management.
- CVE-ID
- CVE-2015-3721 : Ian Beer of Google Project Zero
- kext tools:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to overwrite arbitrary files
- Description: kextd followed symbolic links while creating a new file. This issue was addressed through improved handling of symbolic links.
- CVE-ID
- CVE-2015-3708 : Ian Beer of Google Project Zero
- kext tools:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A local user may be able to load unsigned kernel extensions
- Description: A time-of-check time-of-use (TOCTOU) race condition condition existed while validating the paths of kernel extensions. This issue was addressed through improved checks to validate the path of the kernel extensions.
- CVE-ID
- CVE-2015-3709 : Ian Beer of Google Project Zero
- Mail:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed
- Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. The issue was addressed through restricted support for HTML content.
- CVE-ID
- CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Souček
- ntfs:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to determine kernel memory layout
- Description: An issue existed in NTFS that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling.
- CVE-ID
- CVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative
- ntp:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: An attacker in a privileged position may be able to perform a denial of service attack against two ntp clients
- Description: Multiple issues existed in the authentication of ntp packets being received by configured end-points. These issues were addressed through improved connection state management.
- CVE-ID
- CVE-2015-1798
- CVE-2015-1799
- OpenSSL:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: Multiple issues exist in OpenSSL, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers
- Description: Multiple issues existed in OpenSSL 0.9.8zd which were addressed by updating OpenSSL to version 0.9.8zf.
- CVE-ID
- CVE-2015-0209
- CVE-2015-0286
- CVE-2015-0287
- CVE-2015-0288
- CVE-2015-0289
- CVE-2015-0293
- QuickTime:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: Processing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.
- CVE-ID
- CVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative
- CVE-2015-3662 : kdot working with HP's Zero Day Initiative
- CVE-2015-3663 : kdot working with HP's Zero Day Initiative
- CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative
- CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs
- CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs
- CVE-2015-3713 : Apple
- Security:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
- Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. This issue was addressed through improved validity checking.
- CVE-ID
- CVE-2013-1741
- Security:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: Tampered applications may not be prevented from launching
- Description: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature. This issue was addressed with improved resource validation.
- CVE-ID
- CVE-2015-3714 : Joshua Pitts of Leviathan Security Group
- Security:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious application may be able to bypass code signing checks
- Description: An issue existed where code signing did not verify libraries loaded outside the application bundle. This issue was addressed with improved bundle verification.
- CVE-ID
- CVE-2015-3715 : Patrick Wardle of Synack
- Spotlight:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3
- Impact: Searching for a malicious file with Spotlight may lead to command injection
- Description: A command injection vulnerability existed in the handling of filenames of photos added to the local photo library. This issue was addressed through improved input validation.
- CVE-ID
- CVE-2015-3716 : Apple
- SQLite:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
- Description: Multiple buffer overflows existed in SQLite's printf implementation. These issues were addressed through improved bounds checking.
- CVE-ID
- CVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative
- System Stats:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: A malicious app may be able to compromise systemstatsd
- Description: A type confusion issue existed in systemstatsd's handling of interprocess communication. By sending a maliciously formatted message to systemstatsd, it may have been possible to execute arbitrary code as the systemstatsd process. The issue was addressed through additional type checking.
- CVE-ID
- CVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze Networks
- TrueTypeScaler:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
- CVE-ID
- CVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team
- zip:
- Available for: OS X Yosemite v10.10 to v10.10.3
- Impact: Extracting a maliciously crafted zip file using the unzip tool may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues existed in the handling of zip files. These issues were addressed through improved memory handling.
- CVE-ID
- CVE-2014-8139
- CVE-2014-8140
- CVE-2014-8141
New in Apple Security Update (macOS Security Update) 2015-003 (Mar 20, 2015)
- iCloud Keychain:
- Available for: OS X Yosemite v10.10.2
- Impact: An attacker with a privileged network position may be able to execute arbitrary code
- Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. These issues were addressed through improved bounds checking.
- CVE-ID: CVE-2015-1065 (Andrey Belenko of NowSecure)
- IOSurface:
- Available for: OS X Yosemite v10.10.2
- Impact: A malicious application may be able to execute arbitrary code with system privileges
- Description: A type confusion issue existed in IOSurface's handling of serialized objects. The issue was addressed through additional type checking.
- CVE-ID: CVE-2015-1061 (Ian Beer of Google Project Zero)
New in Apple Security Update (macOS Security Update) 2015-002 (Mar 10, 2015)
- iCloud Keychain:
- Available for: OS X Yosemite v10.10.2
- Impact: An attacker with a privileged network position may be able to execute arbitrary code
- Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. These issues were addressed through improved bounds checking.
- IOAcceleratorFamily:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
- Impact: A malicious application may be able to execute arbitrary code with system privileges
- Description: An off by one issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking.
- IOSurface:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
- Impact: A malicious application may be able to execute arbitrary code with system privileges
- Description: A type confusion issue existed in IOSurface's handling of serialized objects. The issue was addressed through additional type checking.
- Kernel:
- Available for: OS X Yosemite v10.10.2
- Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel
- Description: The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection. This was addressed by disabling the mach_port_kobject interface in production configurations.
- Secure Transport:
- Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
- Impact: An attacker with a privileged network position may intercept SSL/TLS connections
- Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.
New in Apple Security Update (macOS Security Update) 2015-001 (Jan 28, 2015)
- A detailed list of all security flaws fixed fixed in Security Update 2015-001 is available at http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html.
- Security Update 2015-001 is recommended for all users and improves the security of OS X.
New in Apple Security Update (macOS Security Update) 2014-003 (Jun 30, 2014)
- Recommended for all users and improves the security of OS X.
New in Apple Security Update (macOS Security Update) 2014-002 (Apr 22, 2014)
- Recommended for all users and improves the security of OS X.
New in Apple Security Update (macOS Security Update) 2013-004 (Sep 13, 2013)
- Addresses the following:
- Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
- Impact: Multiple vulnerabilities in Apache
- Description: Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.24.
- CVE-ID: CVE-2012-0883, CVE-2012-2687, CVE-2012-3499, CVE-2012-4558
- Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
- Impact: Multiple vulnerabilities in BIND
- Description: Multiple vulnerabilities existed in BIND, the most serious of which may lead to a denial of service. These issues were addressed by updating BIND to version 9.8.5-P1. CVE-2012-5688 did not
- affect Mac OS X v10.7 systems.
- CVE-ID: CVE-2012-3817, CVE-2012-4244, CVE-2012-5166, CVE-2012-5688, CVE-2013-2266
- Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
- Impact: Root certificates have been updated
- Description: Several certificates were added to or removed from the list of system roots. The complete list of recognized system roots may be viewed via the Keychain Access application.
- Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5
- Impact: Multiple vulnerabilities in ClamAV
- Description: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.97.8.
- CVE-ID: CVE-2013-2020, CVE-2013-2021
- Available for: OS X Mountain Lion v10.8 to v10.8.4
- Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking.
- CVE-ID: CVE-2013-1025 : Felix Groebert of the Google Security Team
- Available for: OS X Mountain Lion v10.8 to v10.8.4
- Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking.
- CVE-ID: CVE-2013-1026 : Felix Groebert of the Google Security Team
- Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
- Impact: Packages could be opened after certificate revocation
- Description: When Installer encountered a revoked certificate, it would present a dialog with an option to continue. The issue was addressed by removing the dialog and refusing any revoked package.
- CVE-ID: CVE-2013-1027
- Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
- Impact: An attacker may intercept data protected with IPSec Hybrid Auth
- Description: The DNS name of an IPSec Hybrid Auth server was not being matched against the certificate, allowing an attacker with a certificate for any server to impersonate any other. This issue was addressed by properly checking the certificate.
- CVE-ID: CVE-2013-1028 : Alexander Traud of www.traud.de
- Available for: OS X Mountain Lion v10.8 to v10.8.4
- Impact: A local network user may cause a denial of service
- Description: An incorrect check in the IGMP packet parsing code in the kernel allowed a user who could send IGMP packets to the system to cause a kernel panic. The issue was addressed by removing the check.
- CVE-ID: CVE-2013-1029 : Christopher Bohn of PROTECTSTAR INC.
- Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
- Impact: Passwords may be disclosed to other local users
- Description: A password was passed on the command-line to mdmclient, which made it visible to other users on the same system. The issue was addressed by communicating the password through a pipe.
- CVE-ID: CVE-2013-1030 : Per Olofsson at the University of Gothenburg
- Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
- Impact: Multiple vulnerabilities in OpenSSL
- Description: Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to disclosure of user data. These issues were addressed by updating OpenSSL to version 0.9.8y.
- CVE-ID: CVE-2012-2686, CVE-2013-0166, CVE-2013-0169
- Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
- Impact: Multiple vulnerabilities in PHP
- Description: Multiple vulnerabilities existed in PHP, the most serious of which may lead to arbitrary code execution. These issues were addressed by updating PHP to version 5.3.26.
- CVE-ID: CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-2110
- Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
- Impact: Multiple vulnerabilities in PostgreSQL
- Description: Multiple vulnerabilities exist in PostgreSQL, the most serious of which may lead to data corruption or privilege escalation. This update addresses the issues by updating PostgreSQL to version 9.0.13.
- CVE-ID: CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2013-1903
- Available for: OS X Mountain Lion v10.8 to v10.8.4
- Impact: The screen saver may not start after the specified time period
- Description: A power assertion lock issue existed. This issue was addressed through improved lock handling.
- CVE-ID: CVE-2013-1031
- Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue existed in the handling of 'idsc' atoms in QuickTime movie files. This issue was addressed through additional bounds checking.
- CVE-ID: CVE-2013-1032 : Jason Kratzer working with iDefense VCP
- Available for: OS X Mountain Lion v10.8 to v10.8.4
- Impact: A user with screen sharing access may be able to bypass the screen lock when another user is logged in
- Description: A session management issue existed in the screen lock's handling of screen sharing sessions. This issue was addressed through improved session tracking.
- CVE-ID: CVE-2013-1033 : Jeff Grisso of Atos IT Solutions, Sebastien Stormacq
- Note: OS X Mountain Lion v10.8.5 also addresses an issue where certain Unicode strings could cause applications to unexpectedly terminate.
New in Apple Security Update (macOS Security Update) 2013-002 (Jun 5, 2013)
- CFNetwork:
-
Available for: OS X Mountain Lion v10.8 to v10.8.3
-
Impact: An attacker with access to a user's session may be able to log into previously accessed sites, even if Private Browsing was used
-
Description: Permanent cookies were saved after quitting Safari, even when Private Browsing was enabled. This issue was addressed by improved handling of cookies.
- CoreAnimation:
-
Available for: OS X Mountain Lion v10.8 to v10.8.3
-
Impact: Visiting a maliciously crafted site may lead to an unexpected application termination or arbitrary code execution
-
Description: An unbounded stack allocation issue existed in the handling of text glyphs. This could be triggered by maliciously crafted URLs in Safari. The issue was addressed through improved bounds checking.
- CoreMedia Playback:
-
Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
-
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
-
Description: An uninitialized memory access issue existed in the handling of text tracks. This issue was addressed by additional validation of text tracks.
- CUPS:
-
Available for: OS X Mountain Lion v10.8 to v10.8.3
-
Impact: A local user in the lpadmin group may be able to read or write arbitrary files with system privileges
-
Description: A privilege escalation issue existed in the handling of CUPS configuration via the CUPS web interface. A local user in the lpadmin group may be able to read or write arbitrary files with system privileges. This issue was addressed by moving certain configuration directives to cups-files.conf, which can not be modified from the CUPS web interface.
- Directory Service:
-
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8
-
Impact: A remote attacker may execute arbitrary code with system privileges on systems with Directory Service enabled
-
Description: An issue existed in the directory server's handling of messages from the network. By sending a maliciously crafted message, a remote attacker could cause the directory server to terminate or execute arbitrary code with system privileges. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion or OS X Mountain Lion systems.
- Disk Management:
-
Available for: OS X Mountain Lion v10.8 to v10.8.3
-
Impact: A local user may disable FileVault
-
Description: A local user who is not an administrator may disable FileVault using the command-line. This issue was addressed by adding additional authentication.
- OpenSSL:
-
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
-
Impact: An attacker may be able to decrypt data protected by SSL
-
Description: There were known attacks on the confidentiality of TLS 1.0 when compression was enabled. This issue was addressed by disabling compression in OpenSSL.
- OpenSSL:
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
-
Impact: Multiple vulnerabilities in OpenSSL
-
Description: OpenSSL was updated to version 0.9.8x to address multiple vulnerabilities, which may lead to denial of service or disclosure of a private key. Further information is available via the OpenSSL website at http://www.openssl.org/news/
- QuickDraw Manager:
-
Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
-
Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
-
Description: A buffer overflow existed in the handling of PICT images. This issue was addressed through improved bounds checking.
- QuickTime:
-
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
-
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
-
Description: A buffer overflow existed in the handling of 'enof' atoms. This issue was addressed through improved bounds checking.
- QuickTime:
-
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
-
Impact: Viewing a maliciously crafted QTIF file may lead to an unexpected application termination or arbitrary code execution
-
Description: A memory corruption issue existed in the handling of QTIF files. This issue was addressed through improved bounds checking.
- QuickTime:
-
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
-
Impact: Viewing a maliciously crafted FPX file may lead to an unexpected application termination or arbitrary code execution
-
Description: A buffer overflow existed in the handling of FPX files. This issue was addressed through improved bounds checking.
- QuickTime:
-
Available for: OS X Mountain Lion v10.8 to v10.8.3
-
Impact: Playing a maliciously crafted MP3 file may lead to an unexpected application termination or arbitrary code execution
-
Description: A buffer overflow existed in the handling of MP3 files. This issue was addressed through improved bounds checking.
- Ruby:
-
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8
-
Impact: Multiple vulnerabilities in Ruby on Rails
-
Description: Multiple vulnerabilities existed in Ruby on Rails, the most serious of which may lead to arbitrary code execution on systems running Ruby on Rails applications. These issues were addressed by updating Ruby on Rails to version 2.3.18. This issue may affect OS X Lion or OS X Mountain Lion systems that were upgraded from Mac OS X 10.6.8 or earlier. Users can update affected gems on such systems by using the /usr/bin/gem utility.
- SMB:
-
Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
-
Impact: An authenticated user may be able to write files outside the shared directory
-
Description: If SMB file sharing is enabled, an authenticated user may be able to write files outside the shared directory. This issue was addressed through improved access control.
- Note: Starting with OS X v10.8.4, Java Web Start (i.e. JNLP) applications downloaded from the Internet need to be signed with a Developer ID certificate. Gatekeeper will check downloaded Java Web Start applications for a signature and block such applications from launching if they are not properly signed.
New in Apple Security Update (macOS Security Update) 2012-003 (May 15, 2012)
- This update disables versions of Adobe Flash Player that do not include the latest security updates and provides the option to get the current version from Adobe's website.
- NOTE: Applies to Mac OS X v10.5.8.
New in Apple Security Update (macOS Security Update) 2012-001 v1.1 (Feb 4, 2012)
- Security Update 2012-001 v1.1 is now available for Mac OS X v10.6.8 systems to address a compatibility issue.
- Version 1.1 of this update removes the ImageIO security fixes released in Security Update 2012-001.
- OS X Lion systems are not affected by this change.
New in Apple Security Update (macOS Security Update) 2011-006 (Oct 12, 2011)
- Apache:
- Impact: Multiple vulnerabilities in Apache
- Description: Apache is updated to version 2.2.20 to address several vulnerabilities, the most serious of which may lead to a denial of service. CVE-2011-0419 does not affect OS X Lion systems. Further information is available via the Apache web site at http://httpd.apache.org/
- Application Firewall:
- Impact: Executing a binary with a maliciously crafted name may lead to arbitrary code execution with elevated privileges
- Description: A format string vulnerability existed in Application Firewall's debug logging.
- ATS:
- Impact: Viewing or downloading a document containing a maliciouslycrafted embedded font may lead to arbitrary code execution
- Description: A signedness issue existed in ATS' handling of Type 1 fonts. This issue does not affect systems prior to OS X Lion.
- Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
- Description: An out of bounds memory access issue existed in ATS' handling of Type 1 fonts. This issue does not affect OS X Lion systems.
- Impact: Applications which use the ATSFontDeactivate API may be vulnerable to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow issue existed in the ATSFontDeactivate API.
- BIND:
- Impact: Multiple vulnerabilities in BIND 9.7.3
- Description: Multiple denial of service issues existed in BIND 9.7.3. These issues are addressed by updating BIND to version 9.7.3-P3.
- Impact: Multiple vulnerabilities in BIND
- Description: Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3.
- Certificate Trust Policy:
- Impact: Root certificates have been updated
- Description: Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application.
- CFNetwork:
- Impact: Safari may store cookies it is not configured to accept
- Description: A synchronization issue existed in CFNetwork's handling of cookie policies. Safari's cookie preferences may not be honored, allowing websites to set cookies that would be blocked were the preference enforced. This update addresses the issue through improved handling of cookie storage.
- CFNetwork:
- Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information
- Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain. This issue does not affect systems prior to OS X Lion.
- CoreFoundation:
- Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue existed in CoreFoundation's handling of string tokenization. This issue does not affect OS X Lion systems. This update addresses the issue through improved bounds checking.
- CoreMedia:
- Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site
- Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking.
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues existed in the handling of QuickTime movie files. These issues do not affect OS X Lion systems.
- CoreProcesses:
- Impact: A person with physical access to a system may partially bypass the screen lock
- Description: A system window, such as a VPN password prompt, that appeared while the screen was locked may have accepted keystrokes while the screen was locked. This issue is addressed by preventing system windows from requesting keystrokes while the screen is locked. This issue does not affect systems prior to OS X Lion.
- CoreStorage:
- Impact: Converting to FileVault does not erase all existing data
- Description: After enabling FileVault, approximately 250MB at the start of the volume was left unencrypted on the disk in an unused area. Only data which was present on the volume before FileVault was enabled was left unencrypted. This issue is addressed by erasing this area when enabling FileVault, and on the first use of an encrypted
- volume affected by this issue. This issue does not affect systems prior to OS X Lion.
- File Systems:
- Impact: An attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information
- Description: An issue existed in the handling of WebDAV volumes on HTTPS servers. If the server presented a certificate chain that could not be automatically verified, a warning was displayed and the connection was closed. If the user clicked the "Continue" button in the warning dialog, any certificate was accepted on the following connection to that server. An attacker in a privileged network position may have manipulated the connection to obtain sensitive information or take action on the server on the user's behalf. This update addresses the issue by validating that the certificate received on the second connection is the same certificate originally presented to the user.
- IOGraphics:
- Impact: A person with physical access may be able to bypass the screen lock
- Description: An issue existed with the screen lock when used with Apple Cinema Displays. When a password is required to wake from sleep, a person with physical access may be able to access the system without entering a password if the system is in display sleep mode.
- This update addresses the issue by ensuring that the lock screen is correctly activated in display sleep mode. This issue does not affect OS X Lion systems.
- iChat Server:
- Impact: A remote attacker may cause the Jabber server to consume system resources disproportionately
- Description: An issue existed in the handling of XML external entities in jabberd2, a server for the Extensible Messaging and Presence Protocol (XMPP). jabberd2 expands external entities in incoming requests. This allows an attacker to consume system resources very quickly, denying service to legitimate users of the server. This update addresses the issue by disabling entity expansion in incoming requests.
- Kernel:
- Impact: A person with physical access may be able to access the user's password
- Description: A logic error in the kernel's DMA protection permitted firewire DMA at loginwindow, boot, and shutdown, although not at screen lock. This update addresses the issue by preventing firewire DMA at all states where the user is not logged in.
- Impact: An unprivileged user may be able to delete another user's files in a shared directory
- Description: A logic error existed in the kernel's handling of file deletions in directories with the sticky bit.
- libsecurity:
- Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution
- Description: An error handling issue existed when parsing a nonstandard certificate revocation list extension.
- Mailman:
- Impact: Multiple vulnerabilities in Mailman 2.1.14
- Description: Multiple cross-site scripting issues existed in Mailman 2.1.14. These issues are addressed by improved encoding of characters in HTML output. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html This issue does not affect OS X Lion systems.
- MediaKit:
- Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues existed in the handling of disk images. These issues do not affect OS X Lion systems.
- Open Directory:
- Impact: Any user may read another local user's password data
- Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion.
- Impact: An authenticated user may change that account's password without providing the current password
- Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion.
- Impact: A user may be able to log in without a password
- Description: When Open Directory is bound to an LDAPv3 server using RFC2307 or custom mappings, such that there is no
- AuthenticationAuthority attribute for a user, an LDAP user may be allowed to log in without a password. This issue does not affect systems prior to OS X Lion.
- PHP:
- Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
- Description: A signedness issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.6. This issue does not affect systems prior to OS X Lion. Further information is available via the FreeType site at http://www.freetype.org/
- Impact: Multiple vulnerabilities in libpng 1.4.3
- Description: libpng is updated to version 1.5.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html
- Impact: Multiple vulnerabilities in PHP 5.3.4
- Description: PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. This issues do not affect OS X Lion systems. Further information is available via the PHP website at http://www.php.net/
- postfix:
- Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
- Impact: An attacker in a privileged network position may manipulate mail sessions, resulting in the disclosure of sensitive information
- Description: A logic issue existed in Postfix in the handling of the STARTTLS command. After receiving a STARTTLS command, Postfix may process other plain-text commands. An attacker in a privileged network position may manipulate the mail session to obtain sensitive information from the encrypted traffic. This update addresses the
- issue by clearing the command queue after processing a STARTTLS command. This issue does not affect OS X Lion systems. Further information is available via the Postfix site at http://www.postfix.org/announcements/postfix-2.7.3.html
- python:
- Impact: Multiple vulnerabilities in python
- Description: Multiple vulnerabilities existed in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project. Further information is available via the python site at http://www.python.org/download/releases/
- QuickTime:
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues existed in QuickTime's handling of movie files.
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. This issue does not affect OS X Lion systems.
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. This issue does not affect OS X Lion systems.
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. This issue does not affect OS X Lion systems.
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. This issue does not affect OS X Lion systems.
- Impact: An attacker in a privileged network position may inject script in the local domain when viewing template HTML
- Description: A cross-site scripting issue existed in QuickTime Player's "Save for Web" export. The template HTML files generated by
- this feature referenced a script file from a non-encrypted origin. An attacker in a privileged network position may be able to inject malicious scripts in the local domain if the user views a template file locally. This issue is resolved by removing the reference to an online script. This issue does not affect OS X Lion systems.
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow existed in QuickTime's handling of H.264 encoded movie files.
- Impact: Viewing a maliciously crafted movie file may lead to the disclosure of memory contents
- Description: An uninitialized memory access issue existed in QuickTime's handling of URL data handlers within movie files.
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: An implementation issue existed in QuickTime's handling of the atom hierarchy within a movie file.
- Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow existed in QuickTime's handling of FlashPix files.
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow existed in QuickTime's handling of FLIC files.
- Impact: A guest user may browse shared folders
- Description: An access control issue existed in the SMB File Server.
- Disallowing guest access to the share point record for a folder prevented the '_unknown' user from browsing the share point but not guests (user 'nobody'). This issue is addressed by applying the access control to the guest user. This issue does not affect systems prior to OS X Lion.
- Tomcat:
- Impact: Multiple vulnerabilities in Tomcat 6.0.24
- Description: Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems.
- This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/
- User Documentation:
- Impact: An attacker in a privileged network position may manipulate App Store help content, leading to arbitrary code execution
- Description: App Store help content was updated over HTTP. This update addresses the issue by updating App Store help content over HTTPS. This issue does not affect OS X Lion systems.
- Web Server:
- Impact: Clients may be unable to access web services that require digest authentication
- Description: An issue in the handling of HTTP Digest authentication was addressed. Users may be denied access to the server's resources, when the server configuration should have allowed the access. This issue does not represent a security risk, and was addressed to facilitate the use of stronger authentication mechanisms. Systems running OS X Lion Server are not affected by this issue.
- X11:
- Impact: Multiple vulnerabilities in libpng
- Description: Multiple vulnerabilities existed in libpng, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating libpng to version 1.5.4 on OS Lion systems, and to 1.2.46 on Mac OS X v10.6 systems.
New in Apple Security Update (macOS Security Update) 2011-005 (Sep 9, 2011)
- Certificate Trust Policy:
- Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.1, Lion Server v10.7.1
- Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
- Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted.
New in Apple Security Update (macOS Security Update) 2011-004 (Jun 24, 2011)
- Recommended for all users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.
New in Apple Security Update (macOS Security Update) 2011-003 (May 31, 2011)
- File Quarantine:
- Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7
- Impact: Definition added
- Description: The OSX.MacDefender.A definition has been added to the malware check within File Quarantine. Information on File Quarantine is available in this Knowledge Base article: http://support.apple.com/kb/HT3662
- File Quarantine:
- Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7
- Impact: Automatically update the known malware definitions
- Description: The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the "Automatically update safe downloads list" checkbox in Security Preferences. Additional information is available in this Knowledge Base article: http://support.apple.com/kb/HT4651
- Malware removal:
- Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7
- Impact: Remove the MacDefender malware if detected
- Description: The installation process for this update will search for and remove known variants of the MacDefender malware. If a known variant was detected and removed, the user will be notified via an alert after the update is installed. Additional information is available in this Knowledge Base article: http://support.apple.com/kb/HT4651
New in Apple Security Update (macOS Security Update) 2011-002 (Apr 15, 2011)
- Certificate Trust Policy:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.7, Mac OS X Server v10.6.7
- Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
- Description: Several fraudulent SSL certificates were issued by a Comodo affiliate registration authority. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue is addressed by blacklisting the fraudulent certificates.
New in Apple Security Update (macOS Security Update) 2011-001 (Mar 21, 2011)
- AirPort:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset
- Description: A divide by zero issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect systems prior to Mac OS X v10.6.
- CVE-ID
- CVE-2011-0172
- Apache:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Multiple vulnerabilities in Apache 2.2.15
- Description: Apache is updated to version 2.2.17 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/
- CVE-ID
- CVE-2010-1452
- CVE-2010-2068
- AppleScript:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution
- Description: A format string issue existed in AppleScript Studio's generic dialog commands ("display dialog" and "display alert"). Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution.
- CVE-ID
- CVE-2011-0173 : Alexander Strange
- ATS:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
- Description: A heap buffer overflow issue existed in the handling of OpenType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
- CVE-ID
- CVE-2011-0174
- ATS:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
- Description: Multiple buffer overflow issues existed in the handling of TrueType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
- CVE-ID
- CVE-2011-0175 : Christoph Diehl of Mozilla, Felix Grobert of the Google Security Team, Marc Schoenefeld of Red Hat Security Response Team, Tavis Ormandy and Will Drewry of Google Security Team
- ATS:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
- Description: Multiple buffer overflow issues existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
- CVE-ID
- CVE-2011-0176 : Felix Grobert of the Google Security Team, geekable working with TippingPoint's Zero Day Initiative
- ATS:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
- Description: Multiple buffer overflow issues existed in the handling of SFNT tables. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
- CVE-ID
- CVE-2011-0177 : Marc Schoenefeld of Red Hat Security Response Team
- bzip2:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Using the command line bzip2 or bunzip2 tool to decompress a bzip2 file may result in an unexpected application termination or arbitrary code execution
- Description: An integer overflow issue existed in bzip2's handling of bzip2 compressed files. Using the command line bzip2 or bunzip2 tool to decompress a bzip2 file may result in an unexpected application termination or arbitrary code execution.
- CVE-ID
- CVE-2010-0405
- CarbonCore:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Applications that use FSFindFolder() with the kTemporaryFolderType flag may be vulnerable to a local information disclosure
- Description: When used with the kTemporaryFolderType flag, the FSFindFolder() API returns a directory that is world readable. This issue is addressed by returning a directory that is only readable by the user that the process is running as.
- CVE-ID
- CVE-2011-0178
- ClamAV:
- Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6.6
- Impact: Multiple vulnerabilities in ClamAV
- Description: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.96.5. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at http://www.clamav.net/
- CVE-ID
- CVE-2010-0405
- CVE-2010-3434
- CVE-2010-4260
- CVE-2010-4261
- CVE-2010-4479
- CoreText:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
- Description: A memory corruption issue existed in CoreText's handling of font files. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
- CVE-ID
- CVE-2011-0179 : Christoph Diehl of Mozilla
- File Quarantine:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Definition added
- Description: The OSX.OpinionSpy definition has been added to the malware check within File Quarantine.
- HFS:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: A local user may be able to read arbitrary files from an HFS, HFS+, or HFS+J filesystem
- Description: An integer overflow issue existed in the handling of the F_READBOOTSTRAP ioctl. A local user may be able to read arbitrary files from an HFS, HFS+, or HFS+J filesystem.
- CVE-ID
- CVE-2011-0180 : Dan Rosenberg of Virtual Security Research
- ImageIO:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow issue existed in ImageIO's handling of JPEG images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
- CVE-ID
- CVE-2011-0170 : Andrzej Dyjak working with iDefense VCP
- ImageIO:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution
- Description: An integer overflow issue existed in ImageIO's handling of XBM images. Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution.
- CVE-ID
- CVE-2011-0181 : Harry Sintonen
- ImageIO:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution
- Description: A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.
- CVE-ID
- CVE-2011-0191 : Apple
- ImageIO:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution
- Description: A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.
- CVE-ID
- CVE-2011-0192 : Apple
- ImageIO:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing a maliciously crafted JPEG-encoded TIFF image may result in an unexpected application termination or arbitrary code execution
- Description: An integer overflow issue existed in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.
- CVE-ID
- CVE-2011-0194 : Dominic Chell of NGS Secure
- Image RAW:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution
- Description: Multiple buffer overflow issues existed in Image RAW's handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution.
- CVE-ID
- CVE-2011-0193 : Paul Harrington of NGS Secure
- Installer:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Visiting a maliciously crafted website may lead to the installation of an agent that contacts an arbitrary server when the user logs in, and mislead the user into thinking that the connection is with Apple
- Description: A URL processing issue in Install Helper may lead to the installation of an agent that contacts an arbitrary server when the user logs in. The dialog resulting from a connection failure may lead the user to believe that the connection was attempted with Apple. This issue is addressed by removing Install Helper.
- CVE-ID
- CVE-2011-0190 : Aaron Sigel of vtty.com
- Kerberos:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Multiple vulnerabilities in MIT Kerberos 5
- Description: Multiple cryptographic issues existed in MIT Kerberos 5. Only CVE-2010-1323 affects Mac OS X v10.5. Further information on the issues and the patches applied is available via the MIT Kerberos website at http://web.mit.edu/Kerberos/
- CVE-ID
- CVE-2010-1323
- CVE-2010-1324
- CVE-2010-4020
- CVE-2010-4021
- Kernel:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: A local user may be able to execute arbitrary code with system privileges
- Description: A privilege checking issue existed in the i386_set_ldt system call's handling of call gates. A local user may be able to execute arbitrary code with system privileges. This issue is addressed by disallowing creation of call gate entries via i386_set_ldt().
- CVE-ID
- CVE-2011-0182 : Jeff Mears
- Libinfo:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: A remote attacker may be able to cause a denial of service on hosts that export NFS file systems
- Description: An integer truncation issue existed in Libinfo's handling of NFS RPC packets. A remote attacker may be able to cause NFS RPC services such as lockd, statd, mountd, and portmap to become unresponsive.
- CVE-ID
- CVE-2011-0183 : Peter Schwenk of the University of Delaware
- libxml:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue existed in libxml's XPath handling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
- CVE-ID
- CVE-2010-4008 : Bui Quang Minh from Bkis (www.bkis.com)
- libxml:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
- Description: A double free issue existed in libxml's handling of XPath expressions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.
- CVE-ID
- CVE-2010-4494 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences
- Mailman:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Multiple vulnerabilities in Mailman 2.1.13
- Description: Multiple cross-site scripting issues existed in Mailman 2.1.13. These issues are addressed by updating Mailman to version 2.1.14. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman-announce/2010-September/000154.html
- CVE-ID
- CVE-2010-3089
- PHP:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Multiple vulnerabilities in PHP 5.3.3
- Description: PHP is updated to version 5.3.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/
- CVE-ID
- CVE-2006-7243
- CVE-2010-2950
- CVE-2010-3709
- CVE-2010-3710
- CVE-2010-3870
- CVE-2010-4150
- CVE-2010-4409
- PHP:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
- Impact: Multiple vulnerabilities in PHP 5.2.14
- Description: PHP is updated to version 5.2.15 to address multiple vulnerabilities, the most serious of which may lead to arbitary code execution. Further information is available via the PHP website at http://www.php.net/
- CVE-ID
- CVE-2010-3436
- CVE-2010-3709
- CVE-2010-4150
- QuickLook:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue existed in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.
- CVE-ID
- CVE-2011-0184 : Tobias Klein working with Verisign iDefense Labs
- QuickLook:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution.
- CVE-ID
- CVE-2011-1417 : Charlie Miller and Dion Blazakis, working with TippingPoint's Zero Day Initiative
- QuickTime:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues existed in QuickTime's handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution.
- CVE-ID
- CVE-2011-0186 : Will Dormann of the CERT/CC
- QuickTime:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: An integer overflow existed in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.
- CVE-ID
- CVE-2010-4009 : Honggang Ren of Fortinet's FortiGuard Labs
- QuickTime:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue existed in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.
- CVE-ID
- CVE-2010-3801 : Damian Put working with TippingPoint's Zero Day Initiative, and Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team
- QuickTime:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site
- Description: A cross-origin issue existed in QuickTime plug-in's handling of cross-site redirects. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross-site redirects.
- CVE-ID
- CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
- QuickTime:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue existed in QuickTime's handling of panorama atoms in QTVR (QuickTime Virtual Reality) movie files. Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.
- CVE-ID
- CVE-2010-3802 : an anonymous researcher working with TippingPoint's Zero Day Initiative
- Ruby:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Running a Ruby script that uses untrusted input to create a BigDecimal object may lead to an unexpected application termination or arbitrary code execution
- Description: An integer truncation issue existed in Ruby's BigDecimal class. Running a Ruby script that uses untrusted input to create a BigDecimal object may lead to an unexpected application termination or arbitrary code execution. This issue only affects 64-bit Ruby processes.
- CVE-ID
- CVE-2011-0188 : Apple
- Samba:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution
- Description: A stack buffer overflow existed in Samba's handling of Windows Security IDs. If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution.
- CVE-ID
- CVE-2010-3069
- Subversion
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Subversion servers that use the non-default "SVNPathAuthz short_circuit" mod_dav_svn configuration setting may allow unauthorized users to access portions of the repository
- Description: Subversion servers that use the non-default "SVNPathAuthz short_circuit" mod_dav_svn configuration setting may allow unauthorized users to access portions of the repository. This issue is addressed by updating Subversion to version 1.6.13. This issue does not affect systems prior to Mac OS X v10.6.
- CVE-ID
- CVE-2010-3315
- Terminal:
- Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: When ssh is used in Terminal's "New Remote Connection" dialog, SSH version 1 is selected as the default protocol version
- Description: When ssh is used in Terminal's "New Remote Connection" dialog, SSH version 1 is selected as the default protocol version. This issue is addressed by changing the default protocol version to "Automatic". This issue does not affect systems prior to Mac OS X v10.6.
- CVE-ID
- CVE-2011-0189 : Matt Warren of HNW Inc.
- X11:
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
- Impact: Multiple vulnerabilities in FreeType
- Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.3. Further information is available via the FreeType site at http://www.freetype.org/
New in Apple Security Update (macOS Security Update) 2010-007 (Nov 11, 2010)
- AFP Server:
- CVE-ID: CVE-2010-1828
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: A remote attacker may cause AFP Server to unexpectedly shutdown
- Description: A null pointer dereference exists in AFP Server's handling of reconnect authentication packets. A remote attacker may cause AFP Server to unexpectedly shutdown. Mac OS X automatically restarts AFP Server after a shutdown. This issue is addressed through improved validation of reconnect packets. Credit: Apple.
- AFP Server:
- CVE-ID: CVE-2010-1829
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: An authenticated user may cause arbitrary code execution
- Description: A directory traversal issue exists in AFP Server, which may allow an authenticated user to create files outside of a share with the permissions of the user. With a system configuration where users are permitted file sharing access only, this may lead to arbitrary code execution. This issue is addressed through improved path validation. Credit: Apple.
- AFP Server:
- CVE-ID: CVE-2010-1830
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: A remote attacker may determine the existence of an AFP share
- Description: An error handling issue exists in AFP Server. This may allow a remote attacker to determine the existence of an AFP share with a given name. This issue is addressed through improved signaling of error conditions. Credit: Apple.
- Apache mod_perl:
- CVE-ID: CVE-2009-0796
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: A remote attacker may cause cross-site scripting against the web server
- Description: A cross-site scripting issue exists in Apache mod_perl's encoding of HTML output for the /perl-status page. An attacker may leverage this issue to inject arbitrary script code in the context of a web site served by Apache. This issue does not affect the default configuration as mod_perl and its status page are not enabled by default. This issue is addressed by properly escaping HTML output.
- Apache:
- CVE-ID: CVE-2010-0408, CVE-2010-0434
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Multiple vulnerabilities in Apache 2.2.14
- Description: Apache is updated to version 2.2.15 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/
- AppKit:
- CVE-ID: CVE-2010-1842
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Rendering a bidirectional string that requires truncation may lead to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow exists in AppKit. If a string containing bidirectional text is rendered, and it is truncated with an ellipsis, AppKit may apply an inappropriate layout calculation. This could lead to an unexpected application termination or arbitrary code execution. This issue is addressed by avoiding the inappropriate layout calculation. Credit to Jesse Ruderman of Mozilla Corporation for reporting this issue.
- ATS:
- CVE-ID: CVE-2010-1831
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
- Description: A buffer overflow exists in Apple Type Services' handling of embedded fonts with long names. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.
- ATS:
- CVE-ID: CVE-2010-1832
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
- Description: A stack buffer overflow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. On Mac OS X v10.6 systems this issue is mitigated by the -fstack-protector compiler flag. This issue is addressed through improved bounds checking. Credit: Apple.
- ATS:
- CVE-ID: CVE-2010-1833
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
- Description: A memory corruption issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Marc Schoenefeld of Red Hat, and Christoph Diehl of Mozilla for reporting this issue.
- ATS:
- CVE-ID: CVE-2010-1797
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
- Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution
- Description: A signedness issue exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This issue is addressed through improved handling of CFF fonts. This issue does not affect Mac OS X v10.6 systems. Credit to Matias Eissler and Anibal Sacco of Core Security Technologies for reporting this issue.
- CFNetwork:
- CVE-ID: CVE-2010-1752
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
- Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Laurent OUDOT of TEHTRI-Security, and Neil Fryer of IT Security Geeks for reporting this issue.
- CFNetwork:
- CVE-ID: CVE-2010-1834
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Visiting a maliciously crafted website may cause cookies to be set for other sites
- Description: An implementation issue exists in CFNetwork's handling of domain specifications in cookies. CFNetwork allows cookies to be set for a partial IP address. A maliciously crafted website may set a cookie that will be sent to a third-party site, if the third-party site is accessed by IP address. This update addresses the issue by through improved validation of domains specified in cookies.
- CoreGraphics:
- CVE-ID: CVE-2010-1836
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
- Description: A stack buffer overflow exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination. On 32-bit systems, it may also lead to arbitrary code execution. This update addresses the issues through improved bounds and error checking. Credit to Andrew Kiss for reporting this issue.
- CoreText:
- CVE-ID: CVE-2010-1837
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue exists in CoreText's handling of font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of font files. Credit: Apple.
- CUPS:
- CVE-ID: CVE-2010-2941
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue exists in the handling of Internet Printing Protocol (IPP) requests in CUPS. By sending a maliciously crafted IPP request, a remote attacker may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. This issue may only be triggered remotely on systems with Printer Sharing enabled. Printer Sharing is not enabled by default. Credit to Emmanuel Bouillon of NATO C3 Agency for reporting this issue.
- Directory Services:
- CVE-ID: CVE-2010-1838
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: A local attacker may bypass the password validation and log in to a mobile account
- Description: An error handling issue exists in Directory Service. A local attacker with knowledge of the name of a disabled mobile account, or a mobile account that allows a limited number of login failures, may bypass the password validation and log in to the account. This issue is addressed through improved handling of disabled accounts.
- Directory Services:
- CVE-ID: CVE-2010-1840
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: An attacker may be able to cause an unexpected application termination or arbitrary code execution
- Description: A stack buffer overflow exists in Directory Services' password validation. An attacker may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT), and Rainer Mueller for reporting this issue.
- diskdev_cmds:
- CVE-ID: CVE-2010-0105
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: A local user may be able to prevent the system from starting properly
- Description: An implementation issue exists fsck_hfs' handling of directory trees. A local user may be able to prevent the system from starting properly. This issue is addressed through improved validation of directory trees. Credit to Maksymilian Arciemowicz of SecurityReason for reporting this issue.
- Disk Images:
- CVE-ID: CVE-2010-1841
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue exists in processing UDIF disk images. Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of UDIF disk images. Credit to Marc Schoenefeld of Red Hat for reporting this issue.
- Flash Player plug-in:
- CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2189, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Multiple vulnerabilities in Adobe Flash Player plug-in
- Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution. The issues are addressed by updating the Flash Player plug-in to version 10.1.102.64. Further information is available via the Adobe web site at http://www.adobe.com/support/security/
- gzip:
- CVE-ID: CVE-2010-0001
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution
- Description: An integer overflow exists in gzip's handling of archives that use LZW compression. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aki Helin of the Oulu University Secure Programming Group for reporting this issue.
- gzip:
- CVE-ID: CVE-2009-2624
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution
- Description: An buffer overflow exists in gzip. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.
- Image Capture:
- CVE-ID: CVE-2010-1844
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Downloading a maliciously crafted image may lead to an unexpected system shutdown
- Description: A unbounded memory consumption issue exists in Image Capture. Downloading a maliciously crafted image may lead to an unexpected system shutdown. This issue is addressed through improved input validation. This issue does not affect systems prior to Mac OS X v10.6. Credit to Steven Fisher of Discovery Software Ltd. for reporting this issue.
- ImageIO:
- CVE-ID: CVE-2010-1845
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues exist in ImageIO's handling of PSD images. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved validation of PSD images. Credit to Dominic Chell of NGSSoftware for reporting one of these issues.
- ImageIO:
- CVE-ID: CVE-2010-1811
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow exists in the handling of TIFF Images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.
- ImageIO:
- CVE-ID: CVE-2010-2249, CVE-2010-1205
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Multiple vulnerabilities in libpng
- Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html
- Image RAW:
- CVE-ID: CVE-2010-1846
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow exists in Image RAW's handling of images. Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.
- Kernel:
- CVE-ID: CVE-2010-1847
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: A local user may cause an unexpected system shutdown
- Description: A memory management issue in the handling of terminal devices may allow a local user to cause an unexpected system shutdown. This issue is addressed through improved memory management.
- MySQL:
- CVE-ID: CVE-2010-1848, CVE-2010-1849, CVE-2010-1850
- Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4
- Impact: Multiple vulnerabilities in MySQL 5.0.88
- Description: MySQL is updated to version 5.0.91 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
- neon:
- CVE-ID: CVE-2009-2473, CVE-2009-2474
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Multiple vulnerabilities in neon 0.28.3
- Description: neon is updated to version 0.28.6 to address several vulnerabilities, the most serious of which may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. Further information is available via the neon web site at http://www.webdav.org/neon/
- Networking:
- CVE-ID: CVE-2010-1843
- Available for: Mac OS X v10.6.2 through v10.6.4, Mac OS X Server v10.6.2 through v10.6.4
- Impact: A remote attacker may cause an unexpected system shutdown
- Description: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. This issue does not affect systems prior to Mac OS X v10.6.2. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
- OpenLDAP:
- CVE-ID: CVE-2010-0211
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: A remote attacker may cause a denial of service or arbitrary code execution
- Description: A memory management issue exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service or arbitrary code execution. This issue is addressed through improved memory management.
- OpenLDAP:
- CVE-ID: CVE-2010-0212
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: A remote attacker may cause a denial of service
- Description: A null pointer dereference exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service. This issue is addressed through improved memory management. Credit to Ilkka Mattila and Tuomas Salomaki for reporting this issue.
- OpenSSL:
- CVE-ID: CVE-2010-1378
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: A remote user may bypass TLS authentication or spoof a trusted server
- Description: An arithmetic issue exists in OpenSSL's certificate validation. A remote user may bypass certificate validation steps, and cause OpenSSL to accept any certificate signed by a trusted root as valid. This issue is addressed through improved certificate validation. This issue does not affect systems prior to Mac OS X v10.6. This issue only affects the Mac OS X distribution of OpenSSL. Credit to Ryan Govostes of RPISEC for reporting this issue.
- Password Server:
- CVE-ID: CVE-2010-3783
- Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4
- Impact: A remote attacker may be able to log in with an outdated password
- Description: An implementation issue in Password Server's handling of replication may cause passwords to not be replicated. A remote attacker may be able to log in to a system using an outdated password. This issue is addressed through improved handling of password replication. This issue only affects Mac OS X Server systems. Credit: Apple.
- PHP:
- CVE-ID: CVE-2010-0397, CVE-2010-2531
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Multiple vulnerabilities in PHP 5.3.2
- Description: PHP is updated to version 5.3.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/
- PHP:
- CVE-ID: CVE-2010-0397, CVE-2010-2531, CVE-2010-2484
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
- Impact: Multiple vulnerabilities in PHP 5.2.12
- Description: PHP is updated to version 5.2.14 to address multiple vulnerabilities, the most serious of which may lead to arbitary code execution. Further information is available via the PHP website at http://www.php.net/
- Printing:
- CVE-ID: CVE-2010-3784
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Applications that use the PMPageFormatCreateWithDataRepresentation API may be vulnerable to an unexpected application termination
- Description: A null dereference issue exists in the PMPageFormatCreateWithDataRepresentation API's handling of XML data. Applications that use this API may be vulnerable to an unexpected application termination. This issue is addressed through improved handling of XML data. Credit to Wujun Li of Microsoft for reporting this issue.
- python:
- CVE-ID: CVE-2009-4134, CVE-2010-1449, CVE-2010-1450
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution.
- Description: Multiple integer overflows exists in python's rgbimg and audioop modules. Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution. These issues are addressed through improved bounds checking.
- QuickLook:
- CVE-ID: CVE-2010-3785
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow exists in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.
- QuickLook:
- CVE-ID: CVE-2010-3786
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue exists in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Tobias Klein, working with VeriSign iDefense Labs for reporting this issue.
- QuickTime:
- CVE-ID: CVE-2010-3787
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Nils of MWR InfoSecurity for reporting this issue.
- QuickTime:
- CVE-ID: CVE-2010-3788
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution
- Description: An uninitialized memory access issue exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of JP2 images. Credit to Damian Put and Procyun, working with TippingPoint's Zero Day Initiative for reporting this issue.
- QuickTime:
- CVE-ID: CVE-2010-3789
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue is in QuickTime's handling of avi files. Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of avi files. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.
- QuickTime:
- CVE-ID: CVE-2010-3790
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue exists in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of movie files. Credit to Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue.
- QuickTime:
- CVE-ID: CVE-2010-3791
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
- QuickTime:
- CVE-ID: CVE-2010-3792
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: A signedness issue exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of MPEG encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
- QuickTime:
- CVE-ID: CVE-2010-3793
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of Sorenson encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative and Carsten Eiram of Secunia Research for reporting this issue.
- QuickTime:
- CVE-ID: CVE-2010-3794
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution
- Description: An uninitialized memory access issue exists in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
- QuickTime:
- CVE-ID: CVE-2010-3795
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution
- Description: An unitialized memory access issue exists in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
- Safari RSS:
- CVE-ID: CVE-2010-3796
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information
- Description: Java applets are allowed in RSS feeds. Since Java applets can modify the loading DOM, accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information. This issue is addressed by disallowing Java applets in RSS feeds. Credit to Jason Hullinger of IOActive for reporting this issue.
- Time Machine:
- CVE-ID: CVE-2010-1803
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: A remote attacker may access a user's Time Machine information
- Description: The user may designate a remote AFP volume to be used for Time Machine backups. Time Machine does not verify that the same physical device is being used for subsequent backup operations. An attacker who is able to spoof the remote AFP volume can gain access to the user's backup information. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. This issue does not affect Mac OS X v10.5 systems.
- Wiki Server:
- CVE-ID: CVE-2010-3797
- Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4
- Impact: A user who can edit wiki pages may obtain the credentials of other users
- Description: A JavaScript injection issue exists in Wiki Server. A user who can edit wiki pages may obtain the credentials of any user who visits the edited pages. This issue is addressed through improved input validation. This issue only affects Mac OS X Server systems. Credit: Apple.
- X11:
- CVE-ID: CVE-2010-1205, CVE-2010-2249, CVE-2010-0205
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Multiple vulnerabilities in libpng version 1.2.41
- Description: Multiple vulnerabilities exist in libpng version 1.2.42, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating to version 1.2.44. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html
- X11:
- CVE-ID: CVE-2009-0946, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Multiple vulnerabilities in FreeType 2.3.9
- Description: Multiple vulnerabilities exist in FreeType 2.3.9, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. Further information is available via the FreeType site at http://www.freetype.org/
- xar:
- CVE-ID: CVE-2010-3798
- Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
- Impact: Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow exists in xar. Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit: Apple.
New in Apple Security Update (macOS Security Update) 2010-006 (Sep 20, 2010)
- CVE-ID: CVE-2010-1820
- Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4
- Impact: A remote attacker may access AFP shared folders without a valid password
- Description: An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6. Credit to Richard Noll for reporting this issue.
New in Apple Security Update (macOS Security Update) 2010-005 (Aug 25, 2010)
- ATS:
- CVE-ID: CVE-2010-1808
-
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, Mac OS X Server v10.6.4
- Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
- Description: A stack buffer overlow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.
- CFNetwork:
- CVE-ID: CVE-2010-1800
- Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4
- Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
- Description: CFNetwork permits anonymous TLS/SSL connections. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue does not affect the Mail application. This issue is addressed by disabling anonymous TLS/SSL connections. This issue does not affect systems prior to Mac OS X v10.6.3. Credit to Aaron Sigel of vtty.com, Jean-Luc Giraud of Citrix, Tomas Bjurman of Sirius IT, and Wan-Teh Chang of Google, Inc. for reporting this issue.
- ClamAV:
- CVE-ID: CVE-2010-0098, CVE-2010-1311
- Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6.4
- Impact: Multiple vulnerabilities in ClamAV
- Description: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.96.1. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at http://www.clamav.net/
- CoreGraphics:
- CVE-ID: CVE-2010-1801
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, Mac OS X Server v10.6.4
- Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team (VDT) for reporting this issue.
- libsecurity:
- CVE-ID: CVE-2010-1802
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, Mac OS X Server v10.6.4
- Impact: An attacker in a privileged network position who can obtain a domain name that differs only in the last characters from the name of a legitimate domain may impersonate hosts in that domain
- Description: An issue exists in the handling of certificate host names. For host names containing three or more components, the last characters are not properly compared. In the case of a name containing exactly three components, only the last character is not checked. For example, if an attacker in a privileged network position could obtain a certificate for www.example.con the attacker can impersonate www.example.com. This issue is addressed through improved handling of certificate host names. Credit to Peter Speck for reporting this issue.
- PHP:
- CVE-ID: CVE-2010-1205
- Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4
- Impact: Loading a maliciously crafted PNG image may lead to an unexpected application termination or arbitary code execution
- Description: A buffer overflow exists in PHP's libpng library. Loading a maliciously crafted PNG image may lead to an unexpected application termination or arbitary code execution. This issue is addressed by updating libpng within PHP to version 1.4.3. This issue does not affect systems prior to Mac OS X v10.6.
- PHP:
- CVE-ID: CVE-2010-1129, CVE-2010-0397, CVE-2010-2225, CVE-2010-2531, CVE-2010-2484
- Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4
- Impact: Multiple vulnerabilities in PHP 5.3.1
- Description: PHP is updated to version 5.3.2 to address multiple vulnerabilities, the most serious of which may lead to arbitary code execution. Further information is available via the PHP website at http://www.php.net/
- Samba:
- CVE-ID: CVE-2010-2063
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, Mac OS X Server v10.6.4
- Impact: An unauthenticated remote attacker may cause a denial of service or arbitrary code execution
- Description: A buffer overflow exists in Samba. An unauthenticated remote attacker may cause a denial of service or arbitrary code execution by sending a maliciously crafted packet. This issue is addressed by performing additional validation of packets in Samba.
New in Apple Security Update (macOS Security Update) 2010-004 (Jun 16, 2010)
- Security Update 2010-004 is recommended for all users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.
New in Apple Security Update (macOS Security Update) 2010-003 (Apr 14, 2010)
- Recommended for all users and improves the security of Mac OS X.
New in Apple Security Update (macOS Security Update) 2009-006 (Nov 10, 2009)
- AFP Client:
- Impact: Accessing a malicious AFP server may lead to an unexpected system termination or arbitrary code execution with system privileges
- Description: Multiple memory corruption issues exist in AFP Client. Connecting to a malicious AFP Server may cause an unexpected system termination or arbitrary code execution with system privileges. This update addresses the issues through improved bounds checking. These issues do not affect Mac OS X v10.6 systems. Credit: Apple.
- Adaptive Firewall:
- Impact: A brute force or dictionary attack to guess an SSH login password may not be detected by Adaptive Firewall
- Description: Adaptive Firewall responds to suspicious activity, such as an unusual volume of access attempts, by creating a temporary rule to restrict access. In certain circumstances, Adaptive Firewall may not detect SSH login attempts using invalid user names. This update addresses the issue through improved detection of invalid SSH login attempts. This issue only affects Mac OS X Server systems. Credit: Apple.
- Apache:
- Impact: Multiple vulnerabilities in Apache 2.2.11
- Description: Apache is updated to version 2.2.13 to address several vulnerabilities, the most serious of which may lead to privilege escalation. Further information is available via the Apache web site at http://httpd.apache.org/
- Impact: A remote attacker can conduct cross-site scripting attacks against Apache web server
- Description: The Apache web server allows the TRACE HTTP method. A remote attacker may use this facility to conduct cross-site scripting attacks through certain web client software. This issue is addressed by updating the configuration to disable support for the TRACE method.
- Apache Portable Runtime:
- Impact: Applications using Apache Portable Runtime (apr) may be exploited for code execution
- Description: Multiple integer overflows in Apache Portable Runtime (apr) may lead to an unexpected application termination or arbitrary code execution. These issues are addressed by updating Apache Portable Runtime to version 1.3.8 on Mac OS X v10.6 systems, and by applying the Apache Portable Runtime patches on Mac OS X v10.5.8 systems. Systems running Mac OS X v10.6 are affected only by CVE-2009-2412. Further information is available via the Apache Portable Runtime web site at http://apr.apache.org/
- ATS:
- Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
- Description: Multiple buffer overflows exist in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This update addresses the issues through improved bounds checking. These issues do not affect Mac OS X v10.6 systems. Credit: Apple.
- Certificate Assistant:
- Impact: A user may be misled into accepting a certificate for a different domain
- Description: An implementation issue exists in the handling of SSL certificates which have NUL characters in the Common Name field. A user could be misled into accepting an attacker-crafted certificate that visually appears to match the domain visited by the user. This issue is mitigated as Mac OS X does not consider such a certificate to be valid for any domain. This update addresses the issue through improved handling of SSL certificates.
- CoreGraphics:
- Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple integer overflows in CoreGraphics' handling of PDF files may result in a heap buffer overflow. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds checking. These issues do not affect Mac OS X v10.6 systems. Credit: Apple.
- CoreMedia:
- Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue exists in the handling of H.264 movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Tom Ferris of the Adobe Secure Software Engineering Team for reporting this issue.
- Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow exists in the handling of H.264 movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to an anonymous researcher working with TippingPoint and the Zero Day Initiative for reporting this issue.
- CUPS:
- Impact: Acessing a maliciously crafted website or URL may lead to a cross-site scripting or HTTP response splitting attack
- Description: An issue in CUPS may lead to cross-site scripting and HTTP response splitting. Accessing a maliciously crafted web page or URL may allow an attacker to access content available to the current local user via the CUPS web interface. This could include print system configuration and the titles of jobs that have been printed. This issue is addressed through improved handling of HTTP headers and HTML templates. Credit: Apple.
- Dictionary:
- Impact: A user on the local network may be able to cause arbitrary code execution
- Description: A design issue in Dictionary allows maliciously crafted Javascript to write arbitrary data to arbitary locations on the user's filesystem. This may allow another user on the local network to execute arbitrary code on the user's system. This update addresses the issue by removing the vulnerable code. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
- DirectoryService:
- Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue exists in DirectoryService. This may allow a remote attacker to cause an unexpected application termination or arbitrary code execution. This update only affects systems configured as DirectoryService servers. This update addresses the issue through improved memory handling. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
- Disk Images:
- Impact: Downloading a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow exists in the handling of disk images containing FAT filesystems. Downloading a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
- Dovecot:
- Impact: A local user may cause an unexpected application termination or arbitrary code execution with system privilege
- Description: Multiple buffer overflows exist in dovecot-sieve. By implementing a maliciously crafted dovecot-sieve script, a local user may cause an unexpected application termination or arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of dovecot-sieve scripts. This issue affects Mac OS X Server systems only. This issue does not affect systems prior to Mac OS X v10.6.
- Event Monitor:
- Impact: A remote attacker may cause log injection
- Description: A log injection issue exists in Event Monitor. By connecting to the SSH server with maliciously crafted authentication information, a remote attacker may cause log injection. This may lead to a denial of service as log data is processed by other services. This update addresses the issue through improved escaping of XML output. This issue affects Mac OS X Server systems only. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
- fetchmail:
- Impact: fetchmail is updated to 6.3.11
- Description: fetchmail has been updated to 6.3.11 to address a man-in-the-middle issue. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/
- file:
- Impact: Running the file command on a maliciously crafted Common Document Format (CDF) file may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple buffer overflows vulnerabilities exist in the file command line tool. Running the file command on a maliciously crafted Common Document Format (CDF) file may lead to an unexpected application termination or arbitrary code execution. These issues are addressed by updating file to version 5.03. These issues do not affect systems prior to Mac OS X v10.6.
- FTP Server:
- Impact: An attacker with access to FTP and the ability to create directories on a system may be able to cause unexpected application termination or arbitrary code execution
- Description: A buffer overflow exists in FTP Server's CWD command line tool. Issuing the CWD command on a deeply nested directory hierarchy may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue affects Mac OS X Server systems only. Credit: Apple.
- Help Viewer:
- Impact: Using Help Viewer on an untrusted network may result in arbitrary code execution
- Description: Help Viewer does not use HTTPS for viewing remote Apple Help content. A user on the local network may send spoofed HTTP responses containing malicious help:runscript links. This update addresses the issue by using HTTPS when requesting remote Apple Help content. Credit to Brian Mastenbrook for reporting this issue.
- ImageIO:
- Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
- Description: A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
- International Components for Unicode:
- Impact: Applications that use the UCCompareTextDefault API may be vulnerable to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow exists in the UCCompareTextDefault API, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved memory management. This issue does not affect Mac OS X v10.6 systems. Credit to Nikita Zhuk and Petteri Kamppuri of MK&C for reporting this issue.
- IOKit:
- Impact: A non-privileged user may be able to modify the keyboard firmware
- Description: A non-privileged user may alter the firmware in an attached USB or Bluetooth Apple keyboard. This update addresses the issue by requiring system privileges to send firmware to USB or Bluetooth Apple keyboards. Credit to K. Chen of Georgia Institute of Technology for reporting this issue.
- IPSec:
- Impact: Multiple vulnerabilities in the racoon daemon may lead to a denial of service
- Description: Multiple vulnerabilities in the racoon daemon's ipsec-tools before 0.7.2 may lead to a denial of service. This update addresses the issues by applying patches from the IPsec-Tools project. Further information is available via the IPsec-Tools web site at http://ipsec-tools.sourceforge.net/
- Kernel:
- Impact: A local user may cause information disclosure, an unexpected system shutdown, or arbitrary code execution
- Description: Multiple input validation issues exist in Kernel's handling of task state segments. These may allow a local user to cause information disclosure, an unexpected system shutdown, or arbitrary code execution. This update addresses the issues through improved input validation. Credit to Regis Duchesne of VMware, Inc. for reporting this issue.
- Launch Services:
- Impact: Attempting to open unsafe downloaded content may not lead to a warning
- Description: When Launch Services is called to open a quarantined folder, it will recursively clear quarantine information from all files contained within the folder. The quarantine information that is cleared is used trigger a user warning prior to opening the item. This would allow the user to launch a potentially unsafe item, such as an application, without being presented with the appropriate warning dialog. This update addresses the issue by not clearing this quarantine information from the folder's content. This issue does not affect systems prior to Mac OS X v10.6. Credit: Apple.
- libsecurity:
- Impact: Support for X.509 certificates with MD2 hashes may expose users to spoofing and information disclosure as attacks improve
- Description: There are known cryptographic weaknesses in the MD2 hash algorithm. Further research could allow the creation of X.509 certificates with attacker controlled values that are trusted by the system. This could expose X.509 based protocols to spoofing, man in the middle attacks, and information disclosure. While it is not yet considered computationally feasible to mount an attack using these weaknesses, this update disables support for an X.509 certificate with an MD2 hash for any use other than as trusted root certificate. This is a proactive change to protect users in advance of improved attacks against the MD2 hash algorithm. Credit to Dan Kaminsky of IOACTIVE and Microsoft Vulnerability Research (MSVR) for reporting this issue.
- libxml:
- Impact: Parsing maliciously crafted XML content may lead to an unexpected application termination
- Description: Multiple use-after-free issues exist in libxml2, the most serious may lead to an unxexpected application termination. This update addresses the issues through improved memory handling. Credit to Rauli Kaksonen and Jukka Taimisto from the CROSS project at Codenomicon Ltd. for reporting these issues.
- Login Window:
- Impact: A user may log in to any account without supplying a password
- Description: A race condition exists in Login Window. If an account on the system has no password, such as the Guest account, a user may log in to any account without supplying a password. This update addresses the issue through improved access checks. This issue does not affect systems prior to Mac OS X v.10.6.
- OpenLDAP:
- Impact: A man-in-the-middle attacker may be able to impersonate a trusted OpenLDAP server or user even when SSL is being used
- Description: An implementation issue exists in OpenLDAP's handling of SSL certificates which have NUL characters in the Common Name field. Using a maliciously crafted SSL certificate, an attacker may be able to perform a man-in-the-middle attack on OpenLDAP transactions which use SSL. This update addresses the issue through improved handling of SSL certificates.
- Impact: Multiple vulnerabilities in OpenLDAP
- Description: Multiple vulnerabilities exist in OpenLDAP, the most serious of which may lead a denial of service or arbitrary code execution. This update addresses the issues by applying the OpenLDAP patches for the referenced CVE IDs. Further information is available via the OpenLDAP web site at http://www.openldap.org/. These issues do not affect Mac OS X v10.6 systems.
- OpenSSH:
- Impact: Data in an OpenSSH session may be disclosed
- Description: An error handling issue exists in OpenSSH, which may lead to the disclosure of certain data in an SSH session. This update addresses the issue by updating OpenSSH to version 5.2p1. Further information is available via the OpenSSH web site at http://www.openssh.com/txt/release-5.2 This issue does not affect Mac OS X v10.6 systems.
- PHP:
- Impact: Multiple vulnerabilities in PHP 5.2.10
- Description: PHP is updated to version 5.2.11 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/ These issues do not affect Mac OS X v10.6 systems.
- QuickDraw Manager:
- Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow exists in QuickDraw's handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Nicolas Joly of VUPEN Vulnerability Research Team for reporting this issue.
- QuickLook:
- Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
- Description: An integer overflow in QuickLook's handling of Microsoft Office files may lead to a buffer overflow. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
- QuickTime:
- Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue exists in the handling of H.264 movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is already addressed in QuickTime 7.6.4 for both Mac OS X v10.5.8 and Windows. Credit to Tom Ferris of the Adobe Secure Software Engineering Team for reporting this issue.
- Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow exists in the handling of H.264 movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is already addressed in QuickTime 7.6.4 for both Mac OS X v10.5.8 and Windows. Credit to an anonymous researcher working with TippingPoint and the Zero Day Initiative for reporting this issue.
- Impact: Opening a maliciously crafted MPEG-4 video file may lead to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow exists in QuickTime's handling of MPEG-4 video files. Opening a maliciously crafted MPEG-4 video file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is already addressed in QuickTime 7.6.4 for both Mac OS X v10.5.8 and Windows. Credit to Alex Selivanov for reporting this issue.
- Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow exists in QuickTime's handling of FlashPix files. Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is already addressed in QuickTime 7.6.4 for both Mac OS X v10.5.8 and Windows. Credit to Damian Put working with TippingPoint and the Zero Day Initiative for reporting this issue.
- FreeRADIUS:
- Impact: A remote attacker may terminate the operation of the RADIUS service
- Description: An issue exists in FreeRADIUS in the handling of Access-Request messages. A remote attacker may cause the RADIUS service to terminate by sending an Access-Request message containing a Tunnel-Password attribute with a zero-length attribute value. After any unexpected termination, the RADIUS service will be automatically restarted. This update addresses the issue through improved validation of zero-length attributes. This issue does not affect Mac OS X v10.6 systems.
- Screen Sharing:
- Impact: Accessing a malicious VNC server may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple memory corruption issues exist in the Screen Sharing client. Accessing a malicious VNC server, such as by opening a vnc:// URL, may cause an unexpected application termination or arbitrary code execution. This update addresses the issues through improved memory handling. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
- Spotlight:
- Impact: A local user may manipulate files with the privileges of another user
- Description: An insecure file operation exists in Spotlight's handling of temporary files. This could allow a local user to overwrite files with the privileges of another user. This update addresses the issue through improved handling of temporary files. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
- Subversion:
- Impact: Accessing a Subversion repository may lead to an unexpected application termination or arbitrary code execution
- Description: Multiple heap buffer overflows in Subversion may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues by updating Subversion to version 1.6.5 for Mac OS X v10.6 systems, and by applying the Subversion patches for Mac OS X v10.5.8 systems. Further information is available via the Subversion web site at http://subversion.tigris.org/
New in Apple Security Update (macOS Security Update) 2009-005 (Sep 11, 2009)
- Alias Manager- A buffer overflow exists in the handling of alias files. Opening a maliciously crafted alias file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
- CarbonCore - Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the Resource Manager's handling of resource forks. Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of resource forks. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
- ClamAV - Multiple vulnerabilities exist in ClamAV 0.94.2, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.95.2. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at http://www.clamav.net/ These issues do not affect Mac OS X v10.6 systems.
- ColorSync - An integer overflow exists in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of ColorSync profiles. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
- CoreGraphics - An integer overflow in CoreGraphics' handling of PDF files may result in a heap buffer overflow. Opening a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Will Dormann of CERT/CC for reporting this issue. This issue does not affect Mac OS X v10.6 systems.
- CoreGraphics - A heap buffer overflow exists in the drawing of long text strings. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X v10.6 systems. Credit to Will Drewry of Google Inc. for reporting this issue.
- CUPS - A null pointer dereference exists in CUPS. By repeatedly sending maliciously crafted scheduler requests, a remote attacker may be able to deny access to the Printer Sharing service. This update addresses the issue through improved validation of scheduler requests. This issue does not affect Mac OS X v10.6 systems. Credit to Anibal Sacco of the CORE IMPACT Exploit Writing Team (EWT) at Core Security Technologies for reporting this issue.
- CUPS - A heap buffer overflow exists in the CUPS USB backend. This may allow a local user to obtain system privileges. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5, or Mac OS X v10.6 systems.
- Flash Player plug-in - Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in on Mac OS v10.5.8 to version 10.0.32.18, and to version 9.0.246.0 on Mac OS X v10.4.11 systems. For Mac OS X v10.6 systems, these issues are addressed in Mac OS X v10.6.1. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-10.html
- ImageIO - Multiple memory corruption issues exist in ImageIO's handling of PixarFilm encoded TIFF images. Viewing a maliciously crafted PixarFilm encoded TIFF image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through additional validation of PixarFilm encoded TIFF images. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
- Launch Services - This update adds '.fileloc' to the system's list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from an e-mail. While these content types are not automatically opened, if manually opened they could lead to the execution of a malicious payload. This update improves the system's ability to notify users before handling '.fileloc' files. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
- Launch Services - When an application is downloaded, Launch Services analyzes its exported document types. A design issue in the handling of the exported document types may cause Launch Services to associate a safe file extension with an unsafe Uniform Type Identifier (UTI). Visiting a malicious website may cause an unsafe file type to be opened automatically. This update addresses the issue through improved handling of exported document types from untrusted applications. This issue does not affect systems prior to Mac OS X v10.5, or Mac OS X v10.6 systems. Credit: Apple.
- MySQL - MySQL is updated to version 5.0.82 to address an implementation issue that allows a local user to obtain elevated privileges. This issue only affects Mac OS X Server systems. This issue does not affect Mac OS X v10.6 systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-82.html
- PHP - PHP is updated to version 5.2.10 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/ These issues do not affect Mac OS X v10.6 systems.
- SMB - An unchecked error condition exists in Samba. A user who does not have a configured home directory, and connects to the Windows File Sharing service, will be able to access the contents of the file system, subject to local file system permissions. This update addresses the issue by improving the handling of path resolution errors. This issue does not affect systems prior to Mac OS X v10.5, or Mac OS X v10.6 systems. Credit to J. David Hester of LCG Systems National Institutes of Health for reporting this issue.
- Wiki Server - A cross site scripting issue exists in the Wiki Server's handling of search requests containing non-UTF-8 encoded data. This may allow a remote attacker to access a Wiki server with the credentials of the Wiki Server user performing the search. This update addresses the issue by setting UTF-8 as the default character set in HTTP responses. This issue does not affect systems prior to Mac OS X v10.5, or Mac OS X v10.6 systems. Credit: Apple.
New in Apple Security Update (macOS Security Update) 2009-004 (Aug 13, 2009)
- Impact: A remote attacker may be able to cause the DNS server to unexpectedly terminate.
- A logic issue in the handling of dynamic DNS update messages may cause an assertion to be triggered. By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service. The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default. This update addresses the issue by properly rejecting messages with a record of type 'ANY' where an assertion would previously have been raised.