===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2016.2213
macOS Sierra 10.12
21 September 2016

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           OS X Sierra
Publisher:         Apple
Operating System:  OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Remote with User Interaction
                   Access Privileged Data          -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-6297 CVE-2016-6296 CVE-2016-6295
                   CVE-2016-6294 CVE-2016-6292 CVE-2016-6291
                   CVE-2016-6290 CVE-2016-6289 CVE-2016-6288
                   CVE-2016-6174 CVE-2016-5773 CVE-2016-5772
                   CVE-2016-5771 CVE-2016-5770 CVE-2016-5769
                   CVE-2016-5768 CVE-2016-5131 CVE-2016-4779
                   CVE-2016-4778 CVE-2016-4777 CVE-2016-4776
                   CVE-2016-4775 CVE-2016-4774 CVE-2016-4773
                   CVE-2016-4772 CVE-2016-4771 CVE-2016-4755
                   CVE-2016-4753 CVE-2016-4752 CVE-2016-4750
                   CVE-2016-4748 CVE-2016-4745 CVE-2016-4742
                   CVE-2016-4739 CVE-2016-4738 CVE-2016-4736
                   CVE-2016-4727 CVE-2016-4726 CVE-2016-4725
                   CVE-2016-4724 CVE-2016-4723 CVE-2016-4722
                   CVE-2016-4718 CVE-2016-4717 CVE-2016-4716
                   CVE-2016-4715 CVE-2016-4713 CVE-2016-4712
                   CVE-2016-4711 CVE-2016-4710 CVE-2016-4709
                   CVE-2016-4708 CVE-2016-4707 CVE-2016-4706
                   CVE-2016-4703 CVE-2016-4702 CVE-2016-4701
                   CVE-2016-4700 CVE-2016-4699 CVE-2016-4698
                   CVE-2016-4697 CVE-2016-4696 CVE-2016-4694
                   CVE-2016-4658 CVE-2016-4606

Reference:         ASB-2016.0077
                   ESB-2016.1747

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2016-09-20 macOS Sierra 10.12

macOS Sierra 10.12 is now available and addresses the following:

apache
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may be able to proxy traffic through an arbitrary server
Description: An issue existed in the handling of the
HTTP_PROXY environment variable. This issue was addressed by not setting the HTTP_PROXY environment variable from CGI.
CVE-2016-4694 : Dominic Scheirlinck and Scott Geary of Vend

apache_mod_php
Available for: OS X El Capitan v10.11.6
Impact: Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.
Description: Multiple issues in PHP were addressed by updating PHP to version 5.6.24.
CVE-2016-5768 : Apple
CVE-2016-5769 : Apple
CVE-2016-5770 : Apple
CVE-2016-5771 : Apple
CVE-2016-5772 : Apple
CVE-2016-5773 : Apple
CVE-2016-6174 : Apple
CVE-2016-6288 : Apple
CVE-2016-6289 : Apple
CVE-2016-6290 : Apple
CVE-2016-6291 : Apple
CVE-2016-6292 : Apple
CVE-2016-6294 : Apple
CVE-2016-6295 : Apple
CVE-2016-6296 : Apple
CVE-2016-6297 : Apple

Apple HSSPI Support
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4697 : Qidan He(@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative

AppleEFIRuntime
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A null pointer dereference was addressed through improved input validation.
CVE-2016-4696 : Shrek_wzw of Qihoo 360 Nirvan Team

AppleMobileFileIntegrity
Available for: OS X El Capitan v10.11.6
Impact: A local application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in the task port inheritance policy. This issue was addressed through improved validation of the process entitlement and Team ID.
CVE-2016-4698 : Pedro Vilaça

AppleUUC
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved input validation.
CVE-2016-4699 : Jack Tang (@jacktang310) and Moony Li of Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-4700 : Jack Tang (@jacktang310) and Moony Li of Trend Micro working with Trend Micro's Zero Day Initiative

Application Firewall
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to cause a denial of service
Description: A validation issue existed in the handling of firewall prompts. This issue was addressed through improved validation of SO_EXECPATH.
CVE-2016-4701 : Meder Kydyraliev Google Security Team

ATS
Available for: OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4779 : riusksk of Tencent Security Platform Department

Audio
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4702 : YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park, and Taekyoung Kwon of Information Security Lab, Yonsei University

Bluetooth
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-2016-4703 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

cd9660
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to cause a system denial of service
Description: An input validation issue was addressed through improved memory handling.
CVE-2016-4706 : Recurity Labs on behalf of BSI (German Federal Office for Information Security)

CFNetwork
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to discover websites a user has visited
Description: An issue existed in Local Storage deletion. This issue was addressed through improved Local Storage cleanup.
CVE-2016-4707 : an anonymous researcher

CFNetwork
Available for: OS X El Capitan v10.11.6
Impact: Processing maliciously crafted web content may compromise user information
Description: An input validation issue existed in the parsing of the set-cookie header. This issue was addressed through improved validation checking.
CVE-2016-4708 : Dawid Czagan of Silesia Security Lab

CommonCrypto
Available for: OS X El Capitan v10.11.6
Impact: An application using CCrypt may disclose sensitive plaintext if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This issue was addressed through improved input validation.
CVE-2016-4711 : Max Lohrmann

CoreCrypto
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing the vulnerable code.
CVE-2016-4712 : Gergo Koteles

CoreDisplay
Available for: OS X El Capitan v10.11.6
Impact: A user with screen sharing access may be able to view another user's screen
Description: A session management issue existed in the handling of screen sharing sessions. This issue was addressed through improved session tracking.
CVE-2016-4713 : Ruggero Alberti

curl
Available for: OS X El Capitan v10.11.6
Impact: Multiple issues in curl
Description: Multiple security issues existed in curl prior to version 7.49.1. These issues were addressed by updating curl to version 7.49.1.
CVE-2016-4606 : Isaac Boukris

Date & Time Pref Pane
Available for: OS X El Capitan v10.11.6
Impact: A malicious application may be able to determine a user's current location
Description: An issue existed in the handling of the .GlobalPreferences file. This was addressed through improved validation.
CVE-2016-4715 : Taiki (@Taiki__San) at ESIEA (Paris)

DiskArbitration
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to execute arbitrary code with system privileges
Description: An access issue existed in diskutil. This issue was addressed through improved permissions checking.
CVE-2016-4716 : Alexander Allen of The North Carolina School of Science and Mathematics

File Bookmark
Available for: OS X El Capitan v10.11.6
Impact: A local application may be able to cause a denial of service
Description: A resource management issue existed in the handling of scoped bookmarks. This issue was addressed through improved file descriptor handling.
CVE-2016-4717 : Tom Bradley of 71Squared Ltd

FontParser
Available for: OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.
CVE-2016-4718 : Apple

IDS - Connectivity
Available for: OS X El Capitan v10.11.6
Impact: An attacker in a privileged network position may be able to cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay. This issue was addressed through improved input validation.
CVE-2016-4722 : Martin Vigo (@martin_vigo) of salesforce.com

Intel Graphics Driver
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2016-4723 : daybreaker of Minionz

IOAcceleratorFamily
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A null pointer dereference was addressed through improved input validation.
CVE-2016-4724 : Cererdlong, Eakerqiu of Team OverSky

IOAcceleratorFamily
Available for: OS X El Capitan v10.11.6
Impact: Processing maliciously crafted web content may result in the disclosure of process memory
Description: A memory corruption issue was addressed through improved input validation.
CVE-2016-4725 : Rodger Combs of Plex, Inc

IOAcceleratorFamily
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4726 : an anonymous researcher

IOThunderboltFamily
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4727 : wmin working with Trend Micro's Zero Day Initiative

Kerberos v5 PAM module
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may determine the existence of user accounts
Description: A timing side channel allowed an attacker to determine the existence of user accounts on a system. This issue was addressed by introducing constant time checks.
CVE-2016-4745 : an anonymous researcher

Kernel
Available for: OS X El Capitan v10.11.6
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was addressed through improved path validation.
CVE-2016-4771 : Balazs Bucsay, Research Director of MRG Effitas

Kernel
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved lock handling.
CVE-2016-4772 : Marc Heuse of mh-sec

Kernel
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation.
CVE-2016-4773 : Brandon Azad
CVE-2016-4774 : Brandon Azad
CVE-2016-4776 : Brandon Azad

Kernel
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4775 : Brandon Azad

Kernel
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An untrusted pointer dereference was addressed by removing the affected code.
CVE-2016-4777 : Lufeng Li of Qihoo 360 Vulcan Team

Kernel
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2016-4778 : CESG

libarchive
Available for: OS X El Capitan v10.11.6
Impact: Multiple issues in libarchive
Description: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation.
CVE-2016-4736 : Proteas of Qihoo 360 Nirvan Team

libxml2
Available for: OS X El Capitan v10.11.6
Impact: Multiple issues in libxml2, the most significant of which may lead to unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2016-4658 : Nick Wellnhofer
CVE-2016-5131 : Nick Wellnhofer

libxslt
Available for: OS X El Capitan v10.11.6
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4738 : Nick Wellnhofer

mDNSResponder
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may be able to view sensitive information
Description: Applications using VMnet.framework enabled a DNS proxy listening on all network interfaces. This issue was addressed by restricting DNS query responses to local interfaces.
CVE-2016-4739 : Magnus Skjegstad, David Scott and Anil Madhavapeddy from Docker, Inc.

NSSecureTextField
Available for: OS X El Capitan v10.11.6
Impact: A malicious application may be able to leak a user's credentials
Description: A state management issue existed in NSSecureTextField, which failed to enable Secure Input. This issue was addressed through improved window management.
CVE-2016-4742 : Daniel Jalkut of Red Sweater Software, Rick Fillion of AgileBits

Perl
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to bypass the taint protection mechanism
Description: An issue existed in the parsing of environment variables. This issue was addressed through improved validation of environment variables.
CVE-2016-4748 : Stephane Chazelas

S2 Camera
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4750 : Jack Tang (@jacktang310) and Moony Li of Trend Micro working with Trend Micro's Zero Day Initiative

Security
Available for: OS X El Capitan v10.11.6
Impact: An application using SecKeyDeriveFromPassword may leak memory
Description: A resource management issue existed in the handling of key derivation.
This issue was addressed by adding CF_RETURNS_RETAINED to SecKeyDeriveFromPassword.
CVE-2016-4752 : Mark Rogers of PowerMapper Software

Security
Available for: OS X El Capitan v10.11.6
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in signed disk images. This issue was addressed through improved size validation.
CVE-2016-4753 : Mark Mentovai of Google Inc.

Terminal
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to leak sensitive user information
Description: A permissions issue existed in .bash_history and .bash_session. This issue was addressed through improved access restrictions.
CVE-2016-4755 : Axel Luttgens

WindowServer
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to gain root privileges
Description: A type confusion issue was addressed through improved memory handling.
CVE-2016-4709 : an anonymous researcher
CVE-2016-4710 : an anonymous researcher

macOS Sierra 10.12 may be obtained from the Mac App Store or Apple's Software Downloads web site:
https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site:
https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================