Created
November 11, 2017 22:54
About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
| About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan | |
| This document describes the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. | |
| About Apple security updates | |
| For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. | |
| For more information about security, see the Apple Product Security page. You can encrypt communications with Apple using the Apple Product Security PGP Key. | |
| Apple security documents reference vulnerabilities by CVE-ID when possible. | |
| macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan | |
| Released October 31, 2017 | |
| 802.1X | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: An attacker may be able to exploit weaknesses in TLS 1.0 | |
| Description: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2. | |
| CVE-2017-13832: Doug Wussler of Florida State University | |
| Entry updated November 10, 2017 | |
| apache | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Multiple issues in Apache | |
| Description: Multiple issues were addressed by updating to version 2.4.27. | |
| CVE-2016-736 | |
| CVE-2016-2161 | |
| CVE-2016-5387 | |
| CVE-2016-8740 | |
| CVE-2016-8743 | |
| CVE-2017-3167 | |
| CVE-2017-3169 | |
| CVE-2017-7659 | |
| CVE-2017-7668 | |
| CVE-2017-7679 | |
| CVE-2017-9788 | |
| CVE-2017-9789 | |
| APFS | |
| Available for: macOS High Sierra 10.13 | |
| Impact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data | |
| Description: An issue existed in the handling of DMA. This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation. | |
| CVE-2017-13786: Dmytro Oleksiuk | |
| Entry updated November 10, 2017 | |
| APFS | |
| Available for: macOS High Sierra 10.13 | |
| Impact: An application may be able to execute arbitrary code with system privileges | |
| Description: A memory corruption issue was addressed with improved memory handling. | |
| CVE-2017-13800: Sergej Schumilo of Ruhr-University Bochum | |
| AppleScript | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution | |
| Description: A validation issue was addressed with improved input sanitization. | |
| CVE-2017-13809: bat0s | |
| Entry updated November 10, 2017 | |
| ATS | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Processing a maliciously crafted font may result in the disclosure of process memory | |
| Description: A memory corruption issue was addressed with improved input validation. | |
| CVE-2017-13820: John Villamil, Doyensec | |
| Audio | |
| Available for: macOS Sierra 10.12.6 | |
| Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution | |
| Description: A memory consumption issue was addressed through improved memory handling. | |
| CVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team | |
| CFNetwork | |
| Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 | |
| Impact: An application may be able to execute arbitrary code with system privileges | |
| Description: A memory corruption issue was addressed with improved memory handling. | |
| CVE-2017-13829: Niklas Baumstark and Samuel Groß working with Trend Micro's Zero Day Initiative | |
| CVE-2017-13833: Niklas Baumstark and Samuel Groß working with Trend Micro's Zero Day Initiative | |
| Entry added November 10, 2017 | |
| CFString | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: An application may be able to read restricted memory | |
| Description: A validation issue was addressed with improved input sanitization. | |
| CVE-2017-13821: Australian Cyber Security Centre – Australian Signals Directorate | |
| CoreText | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Processing a maliciously crafted font file may lead to arbitrary code execution | |
| Description: A memory consumption issue was addressed through improved memory handling. | |
| CVE-2017-13825: Australian Cyber Security Centre – Australian Signals Directorate | |
| curl | |
| Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Uploading using TFTP to a maliciously crafted URL with libcurl may disclose application memory | |
| Description: An out-of-bounds read was addressed with improved bounds checking. | |
| CVE-2017-1000100: Even Rouault, found by OSS-Fuzz | |
| curl | |
| Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Processing a maliciously crafted URL with libcurl may cause unexpected application termination or read process memory | |
| Description: An out-of-bounds read was addressed with improved bounds checking. | |
| CVE-2017-1000101: Brian Carpenter, Yongji Ouyang | |
| Dictionary Widget | |
| Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Searching pasted text in the Dictionary widget may lead to compromise of user information | |
| Description: A validation issue existed which allowed local file access. This was addressed with input sanitization. | |
| CVE-2017-13801: xisigr of Tencent's Xuanwu Lab (tencent.com) | |
| file | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Multiple issues in file | |
| Description: Multiple issues were addressed by updating to version 5.31. | |
| CVE-2017-13815 | |
| Fonts | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Rendering untrusted text may lead to spoofing | |
| Description: An inconsistent user interface issue was addressed with improved state management. | |
| CVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome | |
| Entry updated November 10, 2017 | |
| fsck_msdos | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: An application may be able to execute arbitrary code with system privileges | |
| Description: A memory corruption issue was addressed with improved memory handling. | |
| CVE-2017-13811: V.E.O. (@VYSEa) of Mobile Advanced Threat Team of Trend Micro | |
| Entry updated November 2, 2017 | |
| HFS | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: An application may be able to execute arbitrary code with system privileges | |
| Description: A memory corruption issue was addressed with improved memory handling. | |
| CVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum | |
| Heimdal | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: An attacker in a privileged network position may be able to impersonate a service | |
| Description: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation. | |
| CVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams | |
| HelpViewer | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: A quarantined HTML file may execute arbitrary JavaScript cross-origin | |
| Description: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file. | |
| CVE-2017-13819: Filippo Cavallarin of SecuriTeam Secure Disclosure | |
| Entry updated November 10, 2017 | |
| ImageIO | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Processing a maliciously crafted image may lead to arbitrary code execution | |
| Description: A memory corruption issue was addressed through improved input validation. | |
| CVE-2017-13814: Australian Cyber Security Centre – Australian Signals Directorate | |
| ImageIO | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Processing a maliciously crafted image may lead to a denial of service | |
| Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. | |
| CVE-2017-13831: Glen Carmichael | |
| Entry updated November 10, 2017 | |
| Kernel | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: A local user may be able to leak sensitive user information | |
| Description: A permissions issue existed in kernel packet counters. This issue was addressed through improved permission validation. | |
| CVE-2017-13810: Zhiyun Qian of University of California, Riverside | |
| Entry updated November 10, 2017 | |
| Kernel | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: A local user may be able to read kernel memory | |
| Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. | |
| CVE-2017-13817: Maxime Villard (m00nbsd) | |
| Kernel | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: An application may be able to read restricted memory | |
| Description: A validation issue was addressed with improved input sanitization. | |
| CVE-2017-13818: The UK's National Cyber Security Centre (NCSC) | |
| CVE-2017-13836: an anonymous researcher, an anonymous researcher | |
| CVE-2017-13841: an anonymous researcher | |
| CVE-2017-13840: an anonymous researcher | |
| CVE-2017-13842: an anonymous researcher | |
| CVE-2017-13782: an anonymous researcher | |
| Kernel | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: An application may be able to execute arbitrary code with kernel privileges | |
| Description: A memory corruption issue was addressed with improved memory handling. | |
| CVE-2017-13843: an anonymous researcher, an anonymous researcher | |
| Kernel | |
| Available for: macOS Sierra 10.12.6 | |
| Impact: Processing a malformed mach binary may lead to arbitrary code execution | |
| Description: A memory corruption issue was addressed through improved validation. | |
| CVE-2017-13834: Maxime Villard (m00nbsd) | |
| Kernel | |
| Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6 | |
| Impact: An application may be able to execute arbitrary code with kernel privileges | |
| Description: A memory corruption issue was addressed with improved memory handling. | |
| CVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team | |
| Entry updated November 10, 2017 | |
| Kernel | |
| Available for: macOS High Sierra 10.13 | |
| Impact: A malicious application may be able to learn information about the presence and operation of other applications on the device. | |
| Description: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed through rate limiting. | |
| CVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University | |
| Entry added November 10, 2017 | |
| libarchive | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution | |
| Description: A buffer overflow issue was addressed through improved memory handling. | |
| CVE-2017-13813: found by OSS-Fuzz | |
| CVE-2017-13816: found by OSS-Fuzz | |
| libarchive | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution | |
| Description: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation. | |
| CVE-2017-13812: found by OSS-Fuzz | |
| libarchive | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: An application may be able to read restricted memory | |
| Description: A validation issue was addressed with improved input sanitization. | |
| CVE-2016-4736: an anonymous researcher | |
| Open Scripting Architecture | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution | |
| Description: A memory corruption issue was addressed with improved memory handling. | |
| CVE-2017-13824: an anonymous researcher | |
| PCRE | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Multiple issues in pcre | |
| Description: Multiple issues were addressed by updating to version 8.40. | |
| CVE-2017-13846 | |
| Postfix | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Multiple issues in Postfix | |
| Description: Multiple issues were addressed by updating to version 3.2.2. | |
| CVE-2017-13826: an anonymous researcher | |
| Quick Look | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: An application may be able to read restricted memory | |
| Description: A validation issue was addressed with improved input sanitization. | |
| CVE-2017-13822: Australian Cyber Security Centre – Australian Signals Directorate | |
| Quick Look | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution | |
| Description: A memory consumption issue was addressed through improved memory handling. | |
| CVE-2017-7132: Australian Cyber Security Centre – Australian Signals Directorate | |
| QuickTime | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: An application may be able to read restricted memory | |
| Description: A validation issue was addressed with improved input sanitization. | |
| CVE-2017-13823: Xiangkun Jia of Institute of Software Chinese Academy of Sciences | |
| Entry updated November 10, 2017 | |
| Remote Management | |
| Available for: macOS Sierra 10.12.6 | |
| Impact: An application may be able to execute arbitrary code with system privileges | |
| Description: A memory corruption issue was addressed with improved memory handling. | |
| CVE-2017-13808: an anonymous researcher | |
| Sandbox | |
| Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: An application may be able to execute arbitrary code with system privileges | |
| Description: A memory corruption issue was addressed with improved memory handling. | |
| CVE-2017-13838: Alastair Houghton | |
| Entry updated November 10, 2017 | |
| StreamingZip | |
| Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: A malicious zip file may be able to modify restricted areas of the file system | |
| Description: A path handling issue was addressed with improved validation. | |
| CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. | |
| tcpdump | |
| Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6 | |
| Impact: Multiple issues in tcpdump | |
| Description: Multiple issues were addressed by updating to version 4.9.2. | |
| CVE-2017-11108 | |
| CVE-2017-11541 | |
| CVE-2017-11542 | |
| CVE-2017-11543 | |
| CVE-2017-12893 | |
| CVE-2017-12894 | |
| CVE-2017-12895 | |
| CVE-2017-12896 | |
| CVE-2017-12897 | |
| CVE-2017-12898 | |
| CVE-2017-12899 | |
| CVE-2017-12900 | |
| CVE-2017-12901 | |
| CVE-2017-12902 | |
| CVE-2017-12985 | |
| CVE-2017-12986 | |
| CVE-2017-12987 | |
| CVE-2017-12988 | |
| CVE-2017-12989 | |
| CVE-2017-12990 | |
| CVE-2017-12991 | |
| CVE-2017-12992 | |
| CVE-2017-12993 | |
| CVE-2017-12994 | |
| CVE-2017-12995 | |
| CVE-2017-12996 | |
| CVE-2017-12997 | |
| CVE-2017-12998 | |
| CVE-2017-12999 | |
| CVE-2017-13000 | |
| CVE-2017-13001 | |
| CVE-2017-13002 | |
| CVE-2017-13003 | |
| CVE-2017-13004 | |
| CVE-2017-13005 | |
| CVE-2017-13006 | |
| CVE-2017-13007 | |
| CVE-2017-13008 | |
| CVE-2017-13009 | |
| CVE-2017-13010 | |
| CVE-2017-13011 | |
| CVE-2017-13012 | |
| CVE-2017-13013 | |
| CVE-2017-13014 | |
| CVE-2017-13015 | |
| CVE-2017-13016 | |
| CVE-2017-13017 | |
| CVE-2017-13018 | |
| CVE-2017-13019 | |
| CVE-2017-13020 | |
| CVE-2017-13021 | |
| CVE-2017-13022 | |
| CVE-2017-13023 | |
| CVE-2017-13024 | |
| CVE-2017-13025 | |
| CVE-2017-13026 | |
| CVE-2017-13027 | |
| CVE-2017-13028 | |
| CVE-2017-13029 | |
| CVE-2017-13030 | |
| CVE-2017-13031 | |
| CVE-2017-13032 | |
| CVE-2017-13033 | |
| CVE-2017-13034 | |
| CVE-2017-13035 | |
| CVE-2017-13036 | |
| CVE-2017-13037 | |
| CVE-2017-13038 | |
| CVE-2017-13039 | |
| CVE-2017-13040 | |
| CVE-2017-13041 | |
| CVE-2017-13042 | |
| CVE-2017-13043 | |
| CVE-2017-13044 | |
| CVE-2017-13045 | |
| CVE-2017-13046 | |
| CVE-2017-13047 | |
| CVE-2017-13048 | |
| CVE-2017-13049 | |
| CVE-2017-13050 | |
| CVE-2017-13051 | |
| CVE-2017-13052 | |
| CVE-2017-13053 | |
| CVE-2017-13054 | |
| CVE-2017-13055 | |
| CVE-2017-13687 | |
| CVE-2017-13688 | |
| CVE-2017-13689 | |
| CVE-2017-13690 | |
| CVE-2017-13725 | |
| Wi-Fi | |
| Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK) | |
| Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. | |
| CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven | |
| CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven | |
| Entry updated November 3, 2017 | |
| Wi-Fi | |
| Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 | |
| Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK) | |
| Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. | |
| CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven | |
| Entry updated November 3, 2017 | |
| Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners. | |
| Published Date: Nov 11, 2017 |