You Might Want to Install macOS High Sierra Right Away as Apple Patches a Number of Security Flaws, Including Encryption & DoS Issues

Sep 25

Apple today released its latest operating system version, macOS 10.13 High Sierra. While the launch was somewhat overshadowed by Patrick Wardle’s “dump” of a security issue that affects not just the new macOS version but earlier versions too, it should be noted that today’s release fixes a number of bugs and security vulnerabilities, making it an important update.

Notable fixes include denial-of-service issues, a problem that could lead a local user to send a password unencrypted over the network, service impersonation, an issue that allowed an email sender to determine the IP address of the recipient, email encryption problems, certificate validation issues, and several other similarly critical problems.

macOS 10.13 High Sierra security changelog

If you are still on the fence, here is the complete macOS 10.13 High Sierra security bulletin, which should make it clear that today’s update has to be installed right away.

Application Firewall

Available for: OS X Lion 10.8 and later

Impact: A previously denied application firewall setting may take effect after upgrading

Description: An upgrade issue existed in the handling of firewall settings. This issue was addressed through improved handling of firewall settings during upgrades.

AppSandbox

Available for: OS X Lion 10.8 and later

Impact: An application may be able to cause a denial of service

Description: Multiple denial of service issues were addressed through improved memory handling.

Captive Network Assistant

Available for: OS X Lion 10.8 and later

Impact: A local user may unknowingly send a password unencrypted over the network

Description: The security state of the captive portal browser was not obvious. This issue was addressed with improved visibility of the captive portal browser security state.

CFNetwork Proxies

Available for: OS X Lion 10.8 and later

Impact: An attacker in a privileged network position may be able to cause a denial of service

Description: Multiple denial of service issues were addressed through improved memory handling.

CoreAudio

Available for: OS X Lion 10.8 and later

Impact: An application may be able to read restricted memory

Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4.

Directory Utility

Available for: OS X Lion 10.8 and later

Impact: A local attacker may be able to determine the Apple ID of the owner of the computer

Description: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls.

file

Available for: OS X Lion 10.8 and later

Impact: Multiple issues in file

Description: Multiple issues were addressed by updating to version 5.30.

Heimdal

Available for: OS X Lion 10.8 and later

Impact: An attacker in a privileged network position may be able to impersonate a service

Description: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation.

IOFireWireFamily

Available for: OS X Lion 10.8 and later

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

IOFireWireFamily

Available for: OS X Lion 10.8 and later

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

Kernel

Available for: OS X Lion 10.8 and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

libc

Available for: OS X Lion 10.8 and later

Impact: A remote attacker may be able to cause a denial-of-service

Description: A resource exhaustion issue in glob() was addressed through an improved algorithm.

libc

Available for: OS X Lion 10.8 and later

Impact: An application may be able to cause a denial of service

Description: A memory consumption issue was addressed through improved memory handling.

libexpat

Available for: OS X Lion 10.8 and later

Impact: Multiple issues in expat

Description: Multiple issues were addressed by updating to version 2.2.1.

Mail

Available for: OS X Lion 10.8 and later

Impact: The sender of an email may be able to determine the IP address of the recipient

Description: Turning off “Load remote content in messages” did not apply to all mailboxes. This issue was addressed with improved setting propagation.

Mail Drafts

Available for: OS X Lion 10.8 and later

Impact: An attacker with a privileged network position may be able to intercept mail contents

Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.

ntp

Available for: OS X Lion 10.8 and later

Impact: Multiple issues in ntp

Description: Multiple issues were addressed by updating to version 4.2.8p10.

Screen Lock

Available for: OS X Lion 10.8 and later

Impact: Application Firewall prompts may appear over Login Window

Description: A window management issue was addressed through improved state management.

Security

Available for: OS X Lion 10.8 and later

Impact: A revoked certificate may be trusted

Description: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation.

SQLite

Available for: OS X Lion 10.8 and later

Impact: Multiple issues in SQLite

Description: Multiple issues were addressed by updating to version 3.19.3.

SQLite

Available for: OS X Lion 10.8 and later

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

zlib

Available for: OS X Lion 10.8 and later

Impact: Multiple issues in zlib

Description: Multiple issues were addressed by updating to version 1.2.11.
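Several of the entries above (file, expat, ntp, SQLite, zlib, and the Opus update under CoreAudio) fix bugs simply by bumping a bundled open-source component to a newer version. A practical follow-up after the upgrade is to confirm that the component versions a Mac actually reports meet those minimums. The script below is an added example, not Apple's tooling or code from this article: the version numbers are the ones stated in the bulletin, while the component names and the commands used to read installed versions in the usage section are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not Apple's code or the article's): check the version that a
# bundled component reports against the minimum version named in the bulletin.
# Component names and the lookup commands in the usage section are assumptions
# for illustration; the version numbers come from the bulletin entries.

# Minimum version per component, as stated in the High Sierra bulletin.
min_version_for() {
    case "$1" in
        file)   echo "5.30" ;;
        expat)  echo "2.2.1" ;;
        ntp)    echo "4.2.8p10" ;;
        sqlite) echo "3.19.3" ;;
        zlib)   echo "1.2.11" ;;
        opus)   echo "1.1.4" ;;
        *)      return 1 ;;
    esac
}

# Normalise a version string to dot-separated integers, so that a patch-level
# suffix such as ntp's "4.2.8p10" becomes "4.2.8.10" and compares numerically.
normalize() {
    printf '%s\n' "$1" | tr -c '0-9\n' '.' | tr -s '.' | sed 's/^\.//; s/\.$//'
}

# Succeeds (returns 0) when version $1 is at least version $2.
# Fields are compared left to right; a missing field counts as 0.
version_ge() {
    a=$(normalize "$1"); b=$(normalize "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# Report whether the observed version ($2) of component $1 meets the bulletin.
# Returns 0 when up to date, 1 when outdated, 2 for an unknown component.
check_component() {
    want=$(min_version_for "$1") || { echo "unknown component: $1" >&2; return 2; }
    if version_ge "$2" "$want"; then
        echo "$1 $2: OK (bulletin minimum $want)"
        return 0
    fi
    echo "$1 $2: OUTDATED (bulletin minimum $want)"
    return 1
}

# Usage on the upgraded Mac. Each lookup is skipped when the tool is absent,
# and the reported string is trimmed to its version token first.
if command -v sqlite3 >/dev/null 2>&1; then
    check_component sqlite "$(sqlite3 --version | cut -d' ' -f1)" || true
fi
if command -v file >/dev/null 2>&1; then
    check_component file "$(file --version 2>&1 | head -n1 | sed 's/^file-//')" || true
fi
if command -v python3 >/dev/null 2>&1; then
    check_component zlib "$(python3 -c 'import zlib; print(zlib.ZLIB_VERSION)')" || true
fi
```

The comparison deliberately normalises non-numeric separators rather than relying on `sort -V`, so the same function handles ntp's `p`-style patch levels and plain dotted versions, and it works in a plain POSIX shell. The lookups only cover components that expose a version from the command line; expat and Opus are compiled into system frameworks and have no equivalent one-line check.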
