Home / mailingsPDF  

APPLE-SA-2017-01-23-2 macOS 10.12.3

Posted on 23 January 2017
Apple Security-announce

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-2 macOS 10.12.3

macOS 10.12.3 is now available and addresses the following:

apache_mod_php
Available for: macOS Sierra 10.12.2
Impact: Multiple issues in PHP
Description: Multiple issues were addressed by updating to PHP
version 5.6.28.
CVE-2016-8670
CVE-2016-9933
CVE-2016-9934

Bluetooth
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2353: Ian Beer of Google Project Zero

Graphics Drivers
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2358: Team Pangu and lokihardt at PwnFest 2016

Help Viewer
Available for: macOS Sierra 10.12.2
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A cross-site scripting issue was addressed through
improved URL validation.
CVE-2017-2361: lokihardt of Google Project Zero

IOAudioFamily
Available for: macOS Sierra 10.12.2
Impact: An application may be able to determine kernel memory layout
Description: An uninitialized memory issue was addressed through
improved memory management.
CVE-2017-2357: Team Pangu and lokihardt at PwnFest 2016

Kernel
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero

Kernel
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero

libarchive
Available for: macOS Sierra 10.12.2
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo

Vim
Available for: macOS Sierra 10.12.2
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An input validation issue existed in modelines. This was
addressed through improved input validation.
CVE-2016-1248: Florian Larysch

WebKit
Available for: macOS Sierra 10.12.2
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
This was addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero

macOS 10.12.3 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 

TOP