May 26, 2017

Apple Fixes 67 El Capitan Vulnerabilities

Apple announced a bunch of fixes of security flaws yesterday according to ComputerWorld:

“Apple yesterday updated OS X El Capitan to version 10.11.5, patching nearly 70 vulnerabilities as it began to wind down changes prior to the next iteration launching later this year.”

Stephen Brown, Directory of Product Management for Enterprise Mobility at LANDESK, told Computerworld, “The one QuickTime vulnerability, now patched, “is interesting in that social engineering could be employed to get a user to click on a video file, such as using a headline of the day that would be enticing to watch, such as ‘Funny Quotes from Donald Trump,’ and bad things ensue.”

Here are the details of Apple’s latest security fixes via Apple’s support website:

OS X El Capitan v10.11.5 and Security Update 2016-003

AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865 :
CVE-2016-3141 :
CVE-2016-3142 :
CVE-2016-4070 :
CVE-2016-4071 :
CVE-2016-4072 :
CVE-2016-4073 :
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A null pointer dereference was addressed through improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro’s Zero Day Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with system privileges
Description: An issue existed in the sandbox policy. This was addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro’s Zero Day Initiative
Audio
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through improved validation.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user information
Description: An issue existed in the handling of return values in CCCrypt. This issue was addressed through improved key length management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A null pointer dereference was addressed through improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A configuration issue was addressed through additional restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with root privileges
Description: A configuration issue was addressed through additional restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro’s Zero Day Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images. This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: A null pointer dereference was addressed through improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow was addressed through improved bounds checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with Trend Micro’s Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro’s Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A null pointer dereference was addressed through improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A null pointer dereference was addressed through improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An integer overflow existed in dtrace. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another user’s contact list
Description: A validation issue existed in roster changes. This issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user information
Description: An encoding issue existed in filename parsing. This issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team [http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab, Tencent of Trend Micro’s Zero Day Initiative
NVIDIA Graphics Drivers
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to reset an expired password from the lock screen
Description: An issue existed in the management of password profiles. This issue was addressed through improved password reset handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later

Impact: An attacker in a privileged network position may be able to leak sensitive user information

Description: A protocol security issue was addressed by disabling SSLv2.

CVE-ID

CVE-2016-1853 : researchers at Tel Aviv University, Münster University of Applied Sciences, Ruhr University Bochum, the University of Pennsylvania, the Hashcat project, the University of Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt

OS X El Capitan v10.11.5 includes the security content of Safari 9.1.1.