Released October 31, 2017

apache
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Multiple issues in Apache
Description: Multiple issues were addressed by updating to version 2.4.27.
CVE-2016-0736
CVE-2016-2161
CVE-2016-5387
CVE-2016-8740
CVE-2016-8743
CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679
CVE-2017-9788
CVE-2017-9789
Entry updated November 14, 2017

APFS
Available for: macOS High Sierra 10.13
Impact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data
Description: An issue existed in the handling of DMA. This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation.
CVE-2017-13786: Dmytro Oleksiuk
Entry updated November 10, 2017

APFS
Available for: macOS High Sierra 10.13
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13800: Sergej Schumilo of Ruhr-University Bochum

AppleScript
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-13809: bat0s
Entry updated November 10, 2017

ATS
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: A memory corruption issue was addressed with improved input validation.
CVE-2017-13820: John Villamil, Doyensec

Audio
Available for: macOS Sierra 10.12.6
Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution
Description: A memory consumption issue was addressed through improved memory handling.
CVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team

CFNetwork
Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13829: Niklas Baumstark and Samuel Groß working with Trend Micro's Zero Day Initiative
CVE-2017-13833: Niklas Baumstark and Samuel Groß working with Trend Micro's Zero Day Initiative
Entry added November 10, 2017

CFString
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-13821: Australian Cyber Security Centre – Australian Signals Directorate

CoreText
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2017-13825: Australian Cyber Security Centre – Australian Signals Directorate
Entry updated November 16, 2018

curl
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Uploading using TFTP to a maliciously crafted URL with libcurl may disclose application memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-20: Even Rouault, found by OSS-Fuzz

curl
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted URL with libcurl may cause unexpected application termination or read process memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-20: Brian Carpenter, Yongji Ouyang

Dictionary Widget
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Searching pasted text in the Dictionary widget may lead to compromise of user information
Description: A validation issue existed which allowed local file access. This was addressed with input sanitization.
CVE-2017-13801: xisigr of Tencent's Xuanwu Lab (tencent.com)

file
Available for: macOS Sierra 10.12.6
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version 5.31.
CVE-2017-13815: found by OSS-Fuzz
Entry updated October 18, 2018

Fonts
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Rendering untrusted text may lead to spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome
Entry updated November 10, 2017

fsck_msdos
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13811: V.E.O.