Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.2425
macOS High Sierra 10.13
26 September 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: macOS
Publisher: Apple
Operating System: OS X
Impact/Access: Root Compromise -- Remote with User Interaction
Access Privileged Data -- Remote with User Interaction
Denial of Service -- Remote/Unauthenticated
Provide Misleading Information -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2017-1000373 CVE-2017-11103 CVE-2017-10989
CVE-2017-9233 CVE-2017-7144 CVE-2017-7143
CVE-2017-7141 CVE-2017-7138 CVE-2017-7130
CVE-2017-7129 CVE-2017-7128 CVE-2017-7127
CVE-2017-7126 CVE-2017-7125 CVE-2017-7124
CVE-2017-7123 CVE-2017-7122 CVE-2017-7121
CVE-2017-7119 CVE-2017-7114 CVE-2017-7086
CVE-2017-7084 CVE-2017-7083 CVE-2017-7082
CVE-2017-7080 CVE-2017-7078 CVE-2017-7077
CVE-2017-7074 CVE-2017-6464 CVE-2017-6463
CVE-2017-6462 CVE-2017-6460 CVE-2017-6459
CVE-2017-6458 CVE-2017-6455 CVE-2017-6452
CVE-2017-6451 CVE-2017-0381 CVE-2016-9843
CVE-2016-9842 CVE-2016-9841 CVE-2016-9840
CVE-2016-9063 CVE-2016-9042
Reference: ESB-2017.1681
ESB-2017.1598
ESB-2017.1355
ESB-2017.1321
ESB-2017.1185
ESB-2017.0947
ESB-2017.0396
ESB-2017.0039
Original Bulletin:
https://support.apple.com/en-au/HT208144
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-09-25-1 macOS High Sierra 10.13
macOS High Sierra 10.13 is now available and addresses the following:
Application Firewall
Available for: OS X Lion v10.8 and later
Impact: A previously denied application firewall setting may take
effect after upgrading
Description: An upgrade issue existed in the handling of firewall
settings. This issue was addressed through improved handling of
firewall settings during upgrades.
CVE-2017-7084: an anonymous researcher
AppSandbox
Available for: OS X Lion v10.8 and later
Impact: An application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7074: Daniel Jalkut of Red Sweater Software
Captive Network Assistant
Available for: OS X Lion v10.8 and later
Impact: A local user may unknowingly send a password unencrypted over
the network
Description: The security state of the captive portal browser was not
obvious. This issue was addressed with improved visibility of the
captive portal browser security state.
CVE-2017-7143: an anonymous researcher
CFNetwork Proxies
Available for: OS X Lion v10.8 and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7083: Abhinav Bansal of Zscaler Inc.
CoreAudio
Available for: OS X Lion v10.8 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed by updating to Opus
version 1.1.4.
CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend
Micro
Directory Utility
Available for: OS X Lion v10.8 and later
Impact: A local attacker may be able to determine the Apple ID of the
owner of the computer
Description: A permissions issue existed in the handling of the Apple
ID. This issue was addressed with improved access controls.
CVE-2017-7138: an anonymous researcher
file
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version
5.30.
CVE-2017-7121: found by OSS-Fuzz
CVE-2017-7122: found by OSS-Fuzz
CVE-2017-7123: found by OSS-Fuzz
CVE-2017-7124: found by OSS-Fuzz
CVE-2017-7125: found by OSS-Fuzz
CVE-2017-7126: found by OSS-Fuzz
Heimdal
Available for: OS X Lion v10.8 and later
Impact: An attacker in a privileged network position may be able to
impersonate a service
Description: A validation issue existed in the handling of the KDC-
REP service name. This issue was addressed through improved
validation.
CVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams
IOFireWireFamily
Available for: OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7077: Brandon Azad
IOFireWireFamily
Available for: OS X Lion v10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc.,
Benjamin Gnahm (@mitp0sh) of PDX
Kernel
Available for: OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7114: Alex Plaskett of MWR InfoSecurity
libc
Available for: OS X Lion v10.8 and later
Impact: A remote attacker may be able to cause a denial-of-service
Description: A resource exhaustion issue in glob() was addressed
through an improved algorithm.
CVE-2017-7086: Russ Cox of Google
libc
Available for: OS X Lion v10.8 and later
Impact: An application may be able to cause a denial of service
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-1000373
libexpat
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in expat
Description: Multiple issues were addressed by updating to version
2.2.1
CVE-2016-9063
CVE-2017-9233
Mail
Available for: OS X Lion v10.8 and later
Impact: The sender of an email may be able to determine the IP
address of the recipient
Description: Turning off "Load remote content in messages" did not
apply to all mailboxes. This issue was addressed with improved
setting propagation.
CVE-2017-7141: an anonymous researcher
Mail Drafts
Available for: OS X Lion v10.8 and later
Impact: An attacker with a privileged network position may be able to
intercept mail contents
Description: An encryption issue existed in the handling of mail
drafts. This issue was addressed with improved handling of mail
drafts meant to be sent encrypted.
CVE-2017-7078: an anonymous researcher, an anonymous researcher, an
anonymous researcher
ntp
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in ntp
Description: Multiple issues were addressed by updating to version
4.2.8p10
CVE-2017-6451: Cure53
CVE-2017-6452: Cure53
CVE-2017-6455: Cure53
CVE-2017-6458: Cure53
CVE-2017-6459: Cure53
CVE-2017-6460: Cure53
CVE-2017-6462: Cure53
CVE-2017-6463: Cure53
CVE-2017-6464: Cure53
CVE-2016-9042: Matthew Van Gundy of Cisco
Screen Lock
Available for: OS X Lion v10.8 and later
Impact: Application Firewall prompts may appear over Login Window
Description: A window management issue was addressed through improved
state management.
CVE-2017-7082: Tim Kingman
Security
Available for: OS X Lion v10.8 and later
Impact: A revoked certificate may be trusted
Description: A certificate validation issue existed in the handling
of revocation data. This issue was addressed through improved
validation.
CVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune
Darrud (@theflyingcorpse) of Bærum kommune, an anonymous researcher,
an anonymous researcher
SQLite
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating to version
3.19.3.
CVE-2017-10989: found by OSS-Fuzz
CVE-2017-7128: found by OSS-Fuzz
CVE-2017-7129: found by OSS-Fuzz
CVE-2017-7130: found by OSS-Fuzz
SQLite
Available for: OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7127: an anonymous researcher
WebKit
Available for: OS X Lion v10.8 and later
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed with improved restrictions.
CVE-2017-7144: an anonymous researcher
zlib
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in zlib
Description: Multiple issues were addressed by updating to version
1.2.11.
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843
Additional recognition
Security
We would like to acknowledge Abhinav Bansal of Zscaler, Inc.
for their assistance.
Installation note:
macOS 10.13 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRGmSEP/0wgqASRSNneoBx/AMLk0Qac
mZhI8HuyJRTFwCOT7P7vkZTmoxtyOOdh4XaInvKMsW5I2G64YEmW86pcofHwdOTz
TSWIAdus34xErUZ13rMzfg8Z3XAberG1E31QU2y2EXenpJSZIL8nzLgt8ySPVyzu
PrQJxGxCMq1WAOSemGe+4rK2rMwpw5UDZyTbNPDi6lfKz0ZmtfvBzrgBq2xhA9iF
/2NVs5rRog38N6F6xR6GNqi0dVoZmh1umQINh9nzTn8crbSuI3ixRtQYxstxU91/
0wrgV03YF297n6bwVhawEDPU8obZzFgQRiKOjghE6h4YBVccWxMI9n42PwVc+G/Z
X48wuSavpOEV6WEC+hWtALl/W73uH3jF2iK8rPBcDENheRlFi/y5+XeOK8TGJftS
6raj+IgbgERaY3uXcRoi0mLflpzxvGBYlTiJRRj7H7HFZO6v14hYyEMVrWmhFUiZ
Xgy/qxHdWd/NW4AZz8Ke+ZMaJr21DozzI8ejug9shD7O/N31ZNq2qsNmxEweCPvt
yMauTPAUutApHTEUXfwCdOy+ZGgTtWDnOC+g3ezkAOdigvjFcwlFH0Sbjxnhxbbp
LVLz7tHwyKa5Xcwet0ZRH3WCHBsTzzkpsgxoyEMabE2KGS461uZw20t2uZozNsV0
bniy26PJZ5xGrFOSZYUa
=wBKW
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWcmPk4x+lLeg9Ub1AQg0SRAAhP0QqIGfzkIFzPwA6fJffC/wRfIqs8m+
IxBykySuWnVBZ6EheNGqmLmyEoz+bGLT2pV5aegjyYE4bOM/4zqoOG4pgG/63fLm
ySHPMXfuFWSBeYHRl3TXwux7StRlfr5PNyOhdPW2AnjLMFsaBVdhU9fg7T8XmX5i
rBDYoOF/6uiVwz2mNbgWCVzmgdiXUzqU1jcweJ5MfYyf1QhkaIIOKCfrGqqBGOqK
moLXjax8ZS2zpxEUvhHjySpkfhcmG5sxyDLz0eXDeakSLOMG6kF7brVo+NNLdCNY
C9XjZHHD3DGjv3ddTdfxkrv93c6RkfpyFecGO+Rt5+P5GvIMGC9oBMI1cTYaBRk8
axViY4TXh3DcG9J8pFO/w2TgFjXAIOBiPQeovp3SW6wSoQe8vmYt4Z8UBE31X/or
S+hQIkJWIxrdcwdNg2PNBiAPHWPIcbMcowWkC+C+fq7fmVqzyw0ithdpY9Ngviq5
00pd+ExyKS4Wot//JE1zSFEFuerUbK0K+r3/2Rn63mAvQLwLkvuNbZnCdJxPMeQr
KXQ/Z6QVqLuEGs1zp3J9yXFaoCfnIu1BA0K5nkHIcOPtpnfT7zj/UIClzx+xgevC
4dMZs10jIMJlIDoddqKG+kJ1bAyDsNRTt/vhdkxmsgwNnDEf8w++2ZJ4ISW3pi9R
AQmAjzWXCnc=
=zaTl
-----END PGP SIGNATURE-----