Apple today released its latest operating system version, macOS 10.13 High Sierra. While the launch was somewhat overshadowed by Patrick Wardle's "dump" of a security issue that plagues not just the new macOS version but earlier ones too, it should be noted that today's release fixes a number of bugs and security vulnerabilities, making it an important update.
Notable fixes include denial-of-service issues, a problem that enabled a local user to send a password unencrypted over the network, service impersonation, an issue that allowed an email sender to determine the IP address of the recipient, email encryption problems, certificate validation issues, and several other similarly critical problems.
macOS 10.13 High Sierra security changelog
If you are still on the fence, here is the complete macOS 10.13 High Sierra security bulletin that should make it clear that today's update has to be installed right away.
Application Firewall
Available for: OS X Lion 10.8 and later
Impact: A previously denied application firewall setting may take effect after upgrading
Description: An upgrade issue existed in the handling of firewall settings. This issue was addressed through improved handling of firewall settings during upgrades.
AppSandbox
Available for: OS X Lion 10.8 and later
Impact: An application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed through improved memory handling.
Captive Network Assistant
Available for: OS X Lion 10.8 and later
Impact: A local user may unknowingly send a password unencrypted over the network
Description: The security state of the captive portal browser was not obvious. This issue was addressed with improved visibility of the captive portal browser security state.
CFNetwork Proxies
Available for: OS X Lion 10.8 and later
Impact: An attacker in a privileged network position may be able to cause a denial of service
Description: Multiple denial of service issues were addressed through improved memory handling.
CoreAudio
Available for: OS X Lion 10.8 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4.
Directory Utility
Available for: OS X Lion 10.8 and later
Impact: A local attacker may be able to determine the Apple ID of the owner of the computer
Description: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls.
file
Available for: OS X Lion 10.8 and later
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version 5.30.
Heimdal
Available for: OS X Lion 10.8 and later
Impact: An attacker in a privileged network position may be able to impersonate a service
Description: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation.
IOFireWireFamily
Available for: OS X Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
IOFireWireFamily
Available for: OS X Lion 10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
Kernel
Available for: OS X Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
libc
Available for: OS X Lion 10.8 and later
Impact: A remote attacker may be able to cause a denial-of-service
Description: A resource exhaustion issue in glob() was addressed through an improved algorithm.
libc
Available for: OS X Lion 10.8 and later
Impact: An application may be able to cause a denial of service
Description: A memory consumption issue was addressed through improved memory handling.
libexpat
Available for: OS X Lion 10.8 and later
Impact: Multiple issues in expat
Description: Multiple issues were addressed by updating to version 2.2.1.
Mail
Available for: OS X Lion 10.8 and later
Impact: The sender of an email may be able to determine the IP address of the recipient
Description: Turning off "Load remote content in messages" did not apply to all mailboxes. This issue was addressed with improved setting propagation.
Mail Drafts
Available for: OS X Lion 10.8 and later
Impact: An attacker with a privileged network position may be able to intercept mail contents
Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.
ntp
Available for: OS X Lion 10.8 and later
Impact: Multiple issues in ntp
Description: Multiple issues were addressed by updating to version 4.2.8p10.
Screen Lock
Available for: OS X Lion 10.8 and later
Impact: Application Firewall prompts may appear over Login Window
Description: A window management issue was addressed through improved state management.
Security
Available for: OS X Lion 10.8 and later
Impact: A revoked certificate may be trusted
Description: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation.
SQLite
Available for: OS X Lion 10.8 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating to version 3.19.3.
SQLite
Available for: OS X Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
zlib
Available for: OS X Lion 10.8 and later
Impact: Multiple issues in zlib
Description: Multiple issues were addressed by updating to version 1.2.11.