After a rushed release of iOS 11.2 over the weekend to fix a “December 2nd Crash” bug, and last weeks special update to fix the passwordless root authentication bypass in macOS, Apple today released its official set of security updates. With this, we also received details about the security issues patched in iOS this weekend. Apple’s different operating systems share a lot of code with each other, and as a result, they also share some vulnerabilities. I am trying to organize the details in a table below (starting with macOS. Others will be added soon)
Apple’s security updates can be found here: https://support.apple.com/en-us/HT201222
| Component | High Sierra | Sierra | El Capitan | Impact | Description | |
|---|---|---|---|---|---|---|
| Apache | x | x | x | Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory | Multiple issues were addressed by updating to version 2.4.28. | %%cve:2017-9798%% |
| cURL | x | x | x | Malicious FTP servers may be able to cause the client to read out-of-bounds memory | An out-of-bounds read issue existed in the FTP PWD response parsing. This issue was addressed with improved bounds checking. | %%cve:2017-1000254%% |
| Directory Utility | x | An attacker may be able to bypass administrator authentication without supplying the administrator’s password |
A logic error existed in the validation of credentials. This was addressed with improved credential validation. |
%%cve:2017-13872%% | ||
| Intel Graphics Driver | x | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | %%cve:2017-13883%% | ||
| Intel Graphics Driver | x | A local user may be able to cause unexpected system termination or read kernel memory | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. | %%cve:2017-13878%% | ||
| Intel Graphics Driver | x | An application may be able to execute arbitrary code with system privileges | An out-of-bounds read was addressed through improved bounds checking. | %%cve:2017-13875%% | ||
| IOAcceleratorFamily | x | x | x | An application may be able to execute arbitrary code with system privileges | A memory corruption issue was addressed with improved memory handling. | %%cve:2017-13844%% |
| IOKit | x | An application may be able to execute arbitrary code with system privileges | An input validation issue existed in the kernel. This issue was addressed through improved input validation. | %%cve:2017-13848%%,%%cve:2017-13858%% | ||
| IOKit | x | x | x | An application may be able to execute arbitrary code with system privileges | Multiple memory corruption issues were addressed through improved state management. | %%cve:2017-13847%% |
| Kernel | x | x | x | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | %%cve:2017-13862%% |
| Kernel | x | x | x | An application may be able to read restricted memory | An out-of-bounds read was addressed with improved bounds checking. | %%cve:2017-13833%% |
| Kernel | x | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | %%cve:2017-13876%% | ||
| Kernel | x | x | x | An application may be able to read restricted memory | A type confusion issue was addressed with improved memory handling. | %%cve:2017-13855%% |
| Kernel | x | x | x | A malicious application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | %%cve:2017-13867%% |
| Kernel | x | An application may be able to read restricted memory | A validation issue was addressed with improved input sanitization. | %%cve:2017-13865%% | ||
| Kernel | x | x | x | An application may be able to read restricted memory | A validation issue was addressed with improved input sanitization. | %%cve:2017-13868%%,%%cve:2017-13869%% |
| x | A S/MIME encrypted email may be inadvertently sent unencrypted if the receiver’s S/MIME certificate is not installed | An inconsistent user interface issue was addressed with improved state management. | %%cve:2017-13871%% | |||
| Mail Drafts | x | An attacker with a privileged network position may be able to intercept mail | An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control. | %%cve:2017-13860%% | ||
| OpenSSL | x | x | x | An application may be able to read restricted memory | An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. This issue was addressed with improved bounds checking. | %%cve:2017-3735%% |
—
Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute
STI|Twitter|
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.