Apple Patches Vulnerabilities in macOS, macOS Server

Apple on Monday announced the release of security patches for its macOS users, available as part of the macOS High Sierra 10.13 platform upgrade.

The tech company addressed over 40 security flaws impacting OS X Lion 10.8 and later. Affected components include Application Firewall, AppSandbox, Captive Network Assistant, CoreAudio, Directory Utility, file, IOFireWireFamily, Kernel, libc, libexpat, Mail, ntp, Screen Lock, Security, SQLite, and zlib.

With 10 vulnerabilities addressed in it, ntp emerges as the most affected component, followed by file, with 6 security flaws, and SQLite with 5 vulnerabilities. These issues were addressed by updating to ntp version 4.2.8p10, file version 5.30, and SQLite version 3.19.3. Apple also addressed 4 bugs in zlib by updating it to version 1.2.11.

A flaw in AppSandbox could result in an application causing denial of service, while a bug in CFNetwork Proxies could allow an attacker in a privileged network position to cause a denial of service. An issue impacting Captive Network Assistant could result in a local user unknowingly sending a password unencrypted over the network.

A CoreAudio bug allowed an application to read restricted memory, while an issue in Directory Utility could allow a local attacker to determine the Apple ID of the owner of the computer. IOFireWireFamily bugs could allow attackers to execute arbitrary code, or applications to read restricted memory.

Other vulnerabilities could allow an attacker to impersonate a service or cause denial of service, an application to execute arbitrary code with kernel privileges, or the sender of an email to determine the IP address of the recipient. A bug in Security could result in a revoked certificate being trusted.

Apple also addressed a couple of issues in FreeRADIUS by updating it to version 2.2.10. macOS Server 5.4 was released for macOS High Sierra 10.13 to resolve these issues.

Also on Monday, Apple announced the release of iCloud for Windows 7.0 to resolve 22 vulnerabilities in only two components: SQLite and WebKit.

A single arbitrary code execution flaw was addressed in SQLite, while the remaining 21 vulnerabilities affected WebKit. These included issues that could lead to arbitrary code execution, universal cross-site scripting, address bar spoofing, cross-site scripting, or the sending of cookies belonging to one origin to another origin.

Last week, Apple announced the availability of iOS 11 to resolve 8 vulnerabilities in the mobile OS. The platform was released along with Safari 11, which resolved 3 security flaws, and Xcode 9, which included patches for six bugs.

The tech company also released tvOS 11 to address 45 issues in the platform, and watchOS 4, which addressed 23 vulnerabilities.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
