Menu
Apple's new macOS Sierra fixes over 60 security flaws

Apple's new macOS Sierra fixes over 60 security flaws

Some of the vulnerabilities allow for arbitrary code execution and remote attack

Apple launched its newest operating system, macOS Sierra 10.12, on Tuesday and aside from new and interesting features, it has a large number of important security fixes.

The new OS patches 65 vulnerabilities in various core and third-party components. Some of these vulnerabilities are critical and can result in arbitrary code execution with kernel privileges.

Flaws that allow local applications to execute malicious code with kernel or system privileges were fixed in Apple's HSSPI support component, AppleEFIRuntime, AppleMobileFileIntegrity, AppleUUC, the Bluetooth stack, DiskArbitration, the Intel Graphics Driver, the IOAcceleratorFamily and IOThunderboltFamily, the S2 Camera, the Security service and the kernel itself.

A vulnerability patched in the WindowsServer could also be exploited by a local user to gain root privileges.

Aside from these flaws, which require an attacker to have local access through an account or application, Apple patched vulnerabilities that could allow for remote attacks.

For example, a flaw in the audio component could be exploited remotely to execute arbitrary code, while a kernel vulnerability could allow an attacker to remotely trigger a denial-of-service condition. A flaw in the Apache web server could be exploited remotely to proxy traffic through an arbitrary server and another one in the Kerberos v5 PAM module could allow attackers to enumerate accounts.

In addition to macOS Sierra 10.12, which is available as an update for OS X El Capitan 10.11.6 on supported devices, Apple also released Safari 10 for earlier OS X versions. This Safari release also fixes 26 vulnerabilities, many of which could be exploited through malicious web content to achieve remote code execution.

Apple will continue to release security updates for OS X El Capitan and OS X Yosemite, even if users don't upgrade to macOS Sierra. However, OS X Mavericks is likely no longer supported.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments