Security Experts:

Apple Patches Vulnerabilities in macOS, macOS Server

Apple on Monday announced the release of security patches for its macOS users, available as part of the macOS High Sierra 10.13 platform upgrade.

The tech company addressed over 40 security flaws impacting OS X Lion 10.8 and later. Affected components include Application Firewall, AppSandbox, Captive Network Assistant, CoreAudio, Directory Utility, file, IOFireWireFamily, Kernel, libc, libexpat, Mail, ntp, Screen Lock, Security, SQLite, and zlib.

With 10 vulnerabilities addressed in it, ntp emerges as the most affected component, followed by file, with 6 security flaws, and SQLite with 5 vulnerabilities. These issues were addressed by updating to ntp version 4.2.8p10, file version 5.30, and SQLite version 3.19.3. Apple also addressed 4 bugs in zlib by updating it to version 1.2.11.

A flaw in AppSandbox could result in an application causing denial of service, while a bug in CFNetwork Proxies could allow an attacker in a privileged network position to cause a denial of service. An issue impacting Captive Network Assistant could result in a local user unknowingly sending a password unencrypted over the network.

A CoreAudio bug allowed an application to read restricted memory, while an issue in Directory Utility could allow a local attacker to determine the Apple ID of the owner of the computer. IOFireWireFamily bugs could allow attackers to execute arbitrary code, or applications to read restricted memory.

Other vulnerabilities could allow an attacker to impersonate a service or cause denial of service, an application to execute arbitrary code with kernel privileges, or the sender of an email to determine the IP address of the recipient. A bug in security could result in a revoked certificate to be trusted.

Apple also addressed a couple of issues in FreeRADIUS by updating it to version 2.2.10. macOS Server 5.4 was released for macOS High Sierra 10.13 to resolve these issues.

Also on Monday, Apple announced the release of iCloud for Windows 7.0 to resolve 22 vulnerabilities in only two components: SQLite and WebKit.

A single arbitrary code execution flaw was addressed in SQLite, while the remaining 21 vulnerabilities affected WebKit. These included issues that could lead to arbitrary code execution, universal cross site scripting, address bar spoofing, cross site scripting, or in the sending of cookies belonging to one origin to another origin.

Last week, Apple announced the availability of iOS 11 to resolve 8 vulnerabilities in the mobile OS. The platform was released along with Safari 11, which resolved 3 security flaws, and Xcode 9, which included patches for six bugs.

The tech company also released tvOS 11 to address 45 issues in the platform, and watchOS 4, which addressed 23 vulnerabilities.

Related: iOS 11 Patches 8 Security Vulnerabilities

Related: Unsigned Apps Can Steal macOS Keychain Passwords

Related: Secure Kernel Extension Loading in macOS Easily Bypassed: Researcher

view counter