Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Apple Patches Vulnerabilities in macOS, macOS Server

Apple on Monday announced the release of security patches for its macOS users, available as part of the macOS High Sierra 10.13 platform upgrade.

Apple on Monday announced the release of security patches for its macOS users, available as part of the macOS High Sierra 10.13 platform upgrade.

The tech company addressed over 40 security flaws impacting OS X Lion 10.8 and later. Affected components include Application Firewall, AppSandbox, Captive Network Assistant, CoreAudio, Directory Utility, file, IOFireWireFamily, Kernel, libc, libexpat, Mail, ntp, Screen Lock, Security, SQLite, and zlib.

With 10 vulnerabilities addressed in it, ntp emerges as the most affected component, followed by file, with 6 security flaws, and SQLite with 5 vulnerabilities. These issues were addressed by updating to ntp version 4.2.8p10, file version 5.30, and SQLite version 3.19.3. Apple also addressed 4 bugs in zlib by updating it to version 1.2.11.

A flaw in AppSandbox could result in an application causing denial of service, while a bug in CFNetwork Proxies could allow an attacker in a privileged network position to cause a denial of service. An issue impacting Captive Network Assistant could result in a local user unknowingly sending a password unencrypted over the network.

A CoreAudio bug allowed an application to read restricted memory, while an issue in Directory Utility could allow a local attacker to determine the Apple ID of the owner of the computer. IOFireWireFamily bugs could allow attackers to execute arbitrary code, or applications to read restricted memory.

Other vulnerabilities could allow an attacker to impersonate a service or cause denial of service, an application to execute arbitrary code with kernel privileges, or the sender of an email to determine the IP address of the recipient. A bug in security could result in a revoked certificate to be trusted.

Apple also addressed a couple of issues in FreeRADIUS by updating it to version 2.2.10. macOS Server 5.4 was released for macOS High Sierra 10.13 to resolve these issues.

Also on Monday, Apple announced the release of iCloud for Windows 7.0 to resolve 22 vulnerabilities in only two components: SQLite and WebKit.

Advertisement. Scroll to continue reading.

A single arbitrary code execution flaw was addressed in SQLite, while the remaining 21 vulnerabilities affected WebKit. These included issues that could lead to arbitrary code execution, universal cross site scripting, address bar spoofing, cross site scripting, or in the sending of cookies belonging to one origin to another origin.

Last week, Apple announced the availability of iOS 11 to resolve 8 vulnerabilities in the mobile OS. The platform was released along with Safari 11, which resolved 3 security flaws, and Xcode 9, which included patches for six bugs.

The tech company also released tvOS 11 to address 45 issues in the platform, and watchOS 4, which addressed 23 vulnerabilities.

Related: iOS 11 Patches 8 Security Vulnerabilities

Related: Unsigned Apps Can Steal macOS Keychain Passwords

Related: Secure Kernel Extension Loading in macOS Easily Bypassed: Researcher

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Stephanie Crowe has been appointed head of the Australian Cyber Security Centre (ACSC).

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.