Menu
Apple's new macOS Sierra fixes over 60 security flaws

Apple's new macOS Sierra fixes over 60 security flaws

Some of the vulnerabilities allow for arbitrary code execution and remote attack

Apple launched its newest operating system, macOS Sierra 10.12, on Tuesday and aside from new and interesting features, it has a large number of important security fixes.

The new OS patches 65 vulnerabilities in various core and third-party components. Some of these vulnerabilities are critical and can result in arbitrary code execution with kernel privileges.

Flaws that allow local applications to execute malicious code with kernel or system privileges were fixed in Apple's HSSPI support component, AppleEFIRuntime, AppleMobileFileIntegrity, AppleUUC, the Bluetooth stack, DiskArbitration, the Intel Graphics Driver, the IOAcceleratorFamily and IOThunderboltFamily, the S2 Camera, the Security service and the kernel itself.

A vulnerability patched in the WindowsServer could also be exploited by a local user to gain root privileges.

Aside from these flaws, which require an attacker to have local access through an account or application, Apple patched vulnerabilities that could allow for remote attacks.

For example, a flaw in the audio component could be exploited remotely to execute arbitrary code, while a kernel vulnerability could allow an attacker to remotely trigger a denial-of-service condition. A flaw in the Apache web server could be exploited remotely to proxy traffic through an arbitrary server and another one in the Kerberos v5 PAM module could allow attackers to enumerate accounts.

In addition to macOS Sierra 10.12, which is available as an update for OS X El Capitan 10.11.6 on supported devices, Apple also released Safari 10 for earlier OS X versions. This Safari release also fixes 26 vulnerabilities, many of which could be exploited through malicious web content to achieve remote code execution.

Apple will continue to release security updates for OS X El Capitan and OS X Yosemite, even if users don't upgrade to macOS Sierra. However, OS X Mavericks is likely no longer supported.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

With New Zealand businesses now open to innovation, the industry sits on the cusp of significant disruption in the data centre. Driven by software-defined networking, the future of the data centre is fast becoming reality, as the channel seeks to keep up, keep innovating and keep growing. APC by Schneider Electric, Lenovo and key partners outlined how the channel can capitalise at The Grill restaurant in Auckland.

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​
Show Comments