Menu
Apple's new macOS Sierra fixes over 60 security flaws

Apple's new macOS Sierra fixes over 60 security flaws

Some of the vulnerabilities allow for arbitrary code execution and remote attack

Apple launched its newest operating system, macOS Sierra 10.12, on Tuesday and aside from new and interesting features, it has a large number of important security fixes.

The new OS patches 65 vulnerabilities in various core and third-party components. Some of these vulnerabilities are critical and can result in arbitrary code execution with kernel privileges.

Flaws that allow local applications to execute malicious code with kernel or system privileges were fixed in Apple's HSSPI support component, AppleEFIRuntime, AppleMobileFileIntegrity, AppleUUC, the Bluetooth stack, DiskArbitration, the Intel Graphics Driver, the IOAcceleratorFamily and IOThunderboltFamily, the S2 Camera, the Security service and the kernel itself.

A vulnerability patched in the WindowsServer could also be exploited by a local user to gain root privileges.

Aside from these flaws, which require an attacker to have local access through an account or application, Apple patched vulnerabilities that could allow for remote attacks.

For example, a flaw in the audio component could be exploited remotely to execute arbitrary code, while a kernel vulnerability could allow an attacker to remotely trigger a denial-of-service condition. A flaw in the Apache web server could be exploited remotely to proxy traffic through an arbitrary server and another one in the Kerberos v5 PAM module could allow attackers to enumerate accounts.

In addition to macOS Sierra 10.12, which is available as an update for OS X El Capitan 10.11.6 on supported devices, Apple also released Safari 10 for earlier OS X versions. This Safari release also fixes 26 vulnerabilities, many of which could be exploited through malicious web content to achieve remote code execution.

Apple will continue to release security updates for OS X El Capitan and OS X Yosemite, even if users don't upgrade to macOS Sierra. However, OS X Mavericks is likely no longer supported.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments