Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.2213
macOS Sierra 10.12
21 September 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: OS X Sierra
Publisher: Apple
Operating System: OS X
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Root Compromise -- Remote with User Interaction
Access Privileged Data -- Remote with User Interaction
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2016-6297 CVE-2016-6296 CVE-2016-6295
CVE-2016-6294 CVE-2016-6292 CVE-2016-6291
CVE-2016-6290 CVE-2016-6289 CVE-2016-6288
CVE-2016-6174 CVE-2016-5773 CVE-2016-5772
CVE-2016-5771 CVE-2016-5770 CVE-2016-5769
CVE-2016-5768 CVE-2016-5131 CVE-2016-4779
CVE-2016-4778 CVE-2016-4777 CVE-2016-4776
CVE-2016-4775 CVE-2016-4774 CVE-2016-4773
CVE-2016-4772 CVE-2016-4771 CVE-2016-4755
CVE-2016-4753 CVE-2016-4752 CVE-2016-4750
CVE-2016-4748 CVE-2016-4745 CVE-2016-4742
CVE-2016-4739 CVE-2016-4738 CVE-2016-4736
CVE-2016-4727 CVE-2016-4726 CVE-2016-4725
CVE-2016-4724 CVE-2016-4723 CVE-2016-4722
CVE-2016-4718 CVE-2016-4717 CVE-2016-4716
CVE-2016-4715 CVE-2016-4713 CVE-2016-4712
CVE-2016-4711 CVE-2016-4710 CVE-2016-4709
CVE-2016-4708 CVE-2016-4707 CVE-2016-4706
CVE-2016-4703 CVE-2016-4702 CVE-2016-4701
CVE-2016-4700 CVE-2016-4699 CVE-2016-4698
CVE-2016-4697 CVE-2016-4696 CVE-2016-4694
CVE-2016-4658 CVE-2016-4606
Reference: ASB-2016.0077
ESB-2016.1747
- --------------------------BEGIN INCLUDED TEXT--------------------
APPLE-SA-2016-09-20 macOS Sierra 10.12
macOS Sierra 10.12 is now available and addresses the following:
apache
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may be able to proxy traffic through an
arbitrary server
Description: An issue existed in the handling of the HTTP_PROXY
environment variable. This issue was addressed by not setting the
HTTP_PROXY environment variable from CGI.
CVE-2016-4694 : Dominic Scheirlinck and Scott Geary of Vend
apache_mod_php
Available for: OS X El Capitan v10.11.6
Impact: Multiple issues in PHP, the most significant of which may
lead to unexpected application termination or arbitrary code
execution.
Description: Multiple issues in PHP were addressed by updating PHP to
version 5.6.24.
CVE-2016-5768 : Apple
CVE-2016-5769 : Apple
CVE-2016-5770 : Apple
CVE-2016-5771 : Apple
CVE-2016-5772 : Apple
CVE-2016-5773 : Apple
CVE-2016-6174 : Apple
CVE-2016-6288 : Apple
CVE-2016-6289 : Apple
CVE-2016-6290 : Apple
CVE-2016-6291 : Apple
CVE-2016-6292 : Apple
CVE-2016-6294 : Apple
CVE-2016-6295 : Apple
CVE-2016-6296 : Apple
CVE-2016-6297 : Apple
Apple HSSPI Support
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4697 : Qidan He(@flanker_hqd) from KeenLab working with
Trend Micro's Zero Day Initiative
AppleEFIRuntime
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4696 : Shrek_wzw of Qihoo 360 Nirvan Team
AppleMobileFileIntegrity
Available for: OS X El Capitan v10.11.6
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698 : Pedro Vilaça
AppleUUC
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2016-4699 : Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Micro's Zero Day Initiative
CVE-2016-4700 : Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microâ\x{128}\x{153}s Zero Day Initiative
Application Firewall
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to cause a denial of service
Description: A validation issue existed in the handling of firewall
prompts. This issue was addressed through improved validation of
SO_EXECPATH.
CVE-2016-4701 : Meder Kydyraliev Google Security Team
ATS
Available for: OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4779 : riusksk of Tencent Security Platform Department
Audio
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702 : YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Bluetooth
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4703 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
cd9660
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to cause a system denial of service
Description: An input validation issue was addressed through improved
memory handling.
CVE-2016-4706 : Recurity Labs on behalf of BSI (German Federal Office
for Information Security)
CFNetwork
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707 : an anonymous researcher
CFNetwork
Available for: OS X El Capitan v10.11.6
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708 : Dawid Czagan of Silesia Security Lab
CommonCrypto
Available for: OS X El Capitan v10.11.6
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711 : Max Lohrmann
CoreCrypto
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712 : Gergo Koteles
CoreDisplay
Available for: OS X El Capitan v10.11.6
Impact: A user with screen sharing access may be able to view another
user's screen
Description: A session management issue existed in the handling of
screen sharing sessions. This issue was addressed through improved
session tracking.
CVE-2016-4713 : Ruggero Alberti
curl
Available for: OS X El Capitan v10.11.6
Impact: Multiple issues in curl
Description: Multiple security issues existed in curl prior to
version 7.49.1. These issues were addressed by updating curl to
version 7.49.1.
CVE-2016-4606 : Isaac Boukris
Date & Time Pref Pane
Available for: OS X El Capitan v10.11.6
Impact: A malicious application may be able to determine a user's
current location
Description: An issue existed in the handling of the
.GlobalPreferences file. This was addressed though improved
validation.
CVE-2016-4715 : Taiki (@Taiki__San) at ESIEA (Paris)
DiskArbitration
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An access issue existed in diskutil. This issue was
addressed through improved permissions checking.
CVE-2016-4716 : Alexander Allen of The North Carolina School of
Science and Mathematics
File Bookmark
Available for: OS X El Capitan v10.11.6
Impact: A local application may be able to cause a denial of service
Description: A resource management issue existed in the handling of
scoped bookmarks. This issue was addressed through improved file
descriptor handling.
CVE-2016-4717 : Tom Bradley of 71Squared Ltd
FontParser
Available for: OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718 : Apple
IDS - Connectivity
Available for: OS X El Capitan v10.11.6
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722 : Martin Vigo (@martin_vigo) of salesforce.com
<http://salesforce.com/>
Intel Graphics Driver
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4723 : daybreaker of Minionz
IOAcceleratorFamily
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724 : Cererdlong, Eakerqiu of Team OverSky
IOAcceleratorFamily
Available for: OS X El Capitan v10.11.6
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725 : Rodger Combs of Plex, Inc
IOAcceleratorFamily
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726 : an anonymous researcher
IOThunderboltFamily
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4727 : wmin working with Trend Micros Zero Day Initiative
Kerberos v5 PAM module
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may determine the existence of user
accounts
Description: A timing side channel allowed an attacker to determine
the existence of user accounts on a system. This issue was addressed
by introducing constant time checks.
CVE-2016-4745 : an anonymous researcher
Kernel
Available for: OS X El Capitan v10.11.6
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771 : Balazs Bucsay, Research Director of MRG Effitas
Kernel
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772 : Marc Heuse of mh-sec
Kernel
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773 : Brandon Azad
CVE-2016-4774 : Brandon Azad
CVE-2016-4776 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4775 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778 : CESG
libarchive
Available for: OS X El Capitan v10.11.6
Impact: Multiple issues in libarchive
Description: Multiple memory corruption issues existed in libarchive.
These issues were addressed through improved input validation.
CVE-2016-4736 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: OS X El Capitan v10.11.6
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658 : Nick Wellnhofer
CVE-2016-5131 : Nick Wellnhofer
libxslt
Available for: OS X El Capitan v10.11.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738 : Nick Wellnhofer
mDNSResponder
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may be able to view sensitive information
Description: Applications using VMnet.framework enabled a DNS proxy
listening on all network interfaces. This issue was addressed by
restricting DNS query responses to local interfaces.
CVE-2016-4739 : Magnus Skjegstad, David Scott and Anil Madhavapeddy
from Docker, Inc.
NSSecureTextField
Available for: OS X El Capitan v10.11.6
Impact: A malicious application may be able to leak a user's
credentials
Description: A state management issue existed in NSSecureTextField,
which failed to enable Secure Input. This issue was addressed through
improved window management.
CVE-2016-4742 : Daniel Jalkut of Red Sweater Software, Rick Fillion
of AgileBits
Perl
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to bypass the taint protection
mechanism
Description: An issue existed in the parsing of environment
variables. This issue was addressed through improved validation of
environment variables.
CVE-2016-4748 : Stephane Chazelas
S2 Camera
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750 : Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microâ\x{128}\x{153}s Zero Day Initiative
Security
Available for: OS X El Capitan v10.11.6
Impact: An application using SecKeyDeriveFromPassword may leak memory
Description: A resource management issue existed in the handling of
key derivation. This issue was addressed by
adding CF_RETURNS_RETAINED to SecKeyDeriveFromPassword.
CVE-2016-4752 : Mark Rogers of PowerMapper Software
Security
Available for: OS X El Capitan v10.11.6
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753 : Mark Mentovai of Google Inc.
Terminal
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to leak sensitive user information
Description: A permissions issue existed in .bash_history and
.bash_session. This issue was addressed through improved access
restrictions.
CVE-2016-4755 : Axel Luttgens
WindowServer
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to gain root privileges
Description: A type confusion issue was addressed through improved
memory handling.
CVE-2016-4709 : an anonymous researcher
CVE-2016-4710 : an anonymous researcher
macOS Sierra 10.12 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBV+HmMox+lLeg9Ub1AQiClg/9EAZU1tEcF8wlRMqPYp+aMHWvJKQfreEl
cI8OSqgaxwPLrIRfEnEbnkqz//09rJ6kUSYzEKsqeUdeYdqcgyr4Tr1zyqF97wLl
6X21TYCG+a9FPNmPOQ+3lD7my9PaXIHH1k0BbHXhtbabDPEPbQhwjAHAzcAjnO2G
GdQeNImQl0qEcEZx+hXSRA4NC7ZmLzvAwOO2J21wKzSE2+DyI57yH8508Bv+/mlF
R00VAsd3QGZV+vCvt4v4ITU8lJH+M1udjSfGSeRoV34zb2geqN1qrzH8Zpc4oXbV
SGWA6+zAI/9YtHht5fGVyb7KgjbObatZ4H/2CGOYFDbFaGojTVqBrIHZm55tqbhR
DCuiJWClurp93GslzfBaTHxtUge+R/Vf1eh8Uk+9g8CoqWe8t1J211mg7MiedG5M
+yVdOuwbk9il9NulEin3cK5rdWmE01pBPm2x+2dyTewgVA1e5x1xONs0shG2nu2n
FxlyiN8pMGcWFLQ6WEwBRvr7/TgWH2ZlRttV6TnR5i68FasBEl/Iixac9Z+nxRJB
0AZwj5jMl7LCqtUpgMO4eZnesf+8Jv4eAnGeV0G7tSf1uEKEX1SCElGdCmrRCeSY
uHcfp331AbHe766YQrGI0N2f53R1MDIXMriksQAZ6ct6FyXSuLRo/RZ4mRyiOj2J
SU3LYlIW39Y=
=v4+f
-----END PGP SIGNATURE-----