#MACOS SIERRA SECURITY CODE#
Impact: Processing a maliciously crafted image may lead to arbitrary code executionĬVE-2017-13814: Australian Cyber Security Centre – Australian Signals Directorate This issue was addressed by removing the affected file.ĬVE-2017-13819: Filippo Cavallarin of SecuriTeam Secure Disclosure Impact: A quarantined HTML file may execute arbitrary JavaScript cross-originĭescription: A cross-site scripting issue existed in HelpViewer. This issue was addressed with improved validation.ĬVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams Impact: An attacker in a privileged network position may be able to impersonate a serviceĭescription: A validation issue existed in the handling of the KDC-REP service name. of Mobile Advanced Threat Team of Trend MicroĬVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum Impact: Rendering untrusted text may lead to spoofingĭescription: An inconsistent user interface issue was addressed with improved state management.ĬVE-2017-13828: Leonard Grey and Robert Sesek of Google ChromeĬVE-2017-13811: V.E.O. This was addressed with input sanitization.ĬVE-2017-13801: xisigr of Tencent's Xuanwu Lab ()ĭescription: Multiple issues were addressed by updating to version 5.31. Impact: Searching pasted text in the Dictionary widget may lead to compromise of user informationĭescription: A validation issue existed which allowed local file access. Impact: Processing a maliciously crafted URL with libcurl may cause unexpected application termination or read process memoryĬVE-2017-1000101: Brian Carpenter, Yongji Ouyang Impact: Uploading using TFTP to a maliciously crafted URL with libcurl may disclose application memoryĭescription: An out-of-bounds read was addressed with improved bounds checking.ĬVE-2017-1000100: Even Rouault, found by OSS-Fuzz
Impact: Processing a maliciously crafted font file may lead to arbitrary code executionĬVE-2017-13825: Australian Cyber Security Centre – Australian Signals DirectorateĪvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memoryĬVE-2017-13821: Australian Cyber Security Centre – Australian Signals DirectorateĪvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6 Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code executionĭescription: A memory consumption issue was addressed with improved memory handling.ĬVE-2017-13807: Yangkang of Qihoo 360 Qex TeamĪvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6ĬVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day InitiativeĬVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative Impact: Processing a maliciously crafted font may result in the disclosure of process memoryĭescription: A memory corruption issue was addressed with improved input validation. Impact: Decompiling an AppleScript with osadecompile may lead to arbitrary code executionĭescription: A validation issue was addressed with improved input sanitization. Impact: An application may be able to execute arbitrary code with system privilegesĭescription: A memory corruption issue was addressed with improved memory handling.ĬVE-2017-13800: Sergej Schumilo of Ruhr-University Bochum This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation.
Impact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem dataĭescription: An issue existed in the handling of DMA. Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6ĭescription: Multiple issues were addressed by updating to version 2.4.27.
0 kommentar(er)
