APPLE-SA-2016-09-20 macOS Sierra 10.12

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-09-20 macOS Sierra 10.12 macOS Sierra 10.12 is now available and addresses the following: apache Available for: OS X El Capitan v10.11.6 Impact: A remote attacker may be able to proxy traffic through an arbitrary server Description: An issue existed in the handling of the HTTP_PROXY environment variable. This issue was addressed by not setting the HTTP_PROXY environment variable from CGI. CVE-2016-4694 : Dominic Scheirlinck and Scott Geary of Vend apache_mod_php Available for: OS X El Capitan v10.11.6 Impact: Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution. Description: Multiple issues in PHP were addressed by updating PHP to version 5.6.24. CVE-2016-5768 : Apple CVE-2016-5769 : Apple CVE-2016-5770 : Apple CVE-2016-5771 : Apple CVE-2016-5772 : Apple CVE-2016-5773 : Apple CVE-2016-6174 : Apple CVE-2016-6288 : Apple CVE-2016-6289 : Apple CVE-2016-6290 : Apple CVE-2016-6291 : Apple CVE-2016-6292 : Apple CVE-2016-6294 : Apple CVE-2016-6295 : Apple CVE-2016-6296 : Apple CVE-2016-6297 : Apple Apple HSSPI Support Available for: OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4697 : Qidan He(@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative AppleEFIRuntime Available for: OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4696 : Shrek_wzw of Qihoo 360 Nirvan Team AppleMobileFileIntegrity Available for: OS X El Capitan v10.11.6 Impact: A local application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the task port inheritance policy. This issue was addressed through improved validation of the process entitlement and Team ID. CVE-2016-4698 : Pedro Vilaça AppleUUC Available for: OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2016-4699 : Jack Tang (@jacktang310) and Moony Li of Trend Micro working with Trend Micro's Zero Day Initiative CVE-2016-4700 : Jack Tang (@jacktang310) and Moony Li of Trend Micro working with Trend Micro’s Zero Day Initiative Application Firewall Available for: OS X El Capitan v10.11.6 Impact: A local user may be able to cause a denial of service Description: A validation issue existed in the handling of firewall prompts. This issue was addressed through improved validation of SO_EXECPATH. CVE-2016-4701 : Meder Kydyraliev Google Security Team ATS Available for: OS X El Capitan v10.11.6 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4779 : riusksk of Tencent Security Platform Department Audio Available for: OS X El Capitan v10.11.6 Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4702 : YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park, and Taekyoung Kwon of Information Security Lab, Yonsei University Bluetooth Available for: OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4703 : Juwei Lin(@fuzzerDOTcn) of Trend Micro cd9660 Available for: OS X El Capitan v10.11.6 Impact: A local user may be able to cause a system denial of service Description: An input validation issue was addressed through improved memory handling. CVE-2016-4706 : Recurity Labs on behalf of BSI (German Federal Office for Information Security) CFNetwork Available for: OS X El Capitan v10.11.6 Impact: A local user may be able to discover websites a user has visited Description: An issue existed in Local Storage deletion. This issue was addressed through improved Local Storage cleanup. CVE-2016-4707 : an anonymous researcher CFNetwork Available for: OS X El Capitan v10.11.6 Impact: Processing maliciously crafted web content may compromise user information Description: An input validation issue existed in the parsing of the set-cookie header. This issue was addressed through improved validation checking. CVE-2016-4708 : Dawid Czagan of Silesia Security Lab CommonCrypto Available for: OS X El Capitan v10.11.6 Impact: An application using CCrypt may disclose sensitive plaintext if the output and input buffer are the same Description: An input validation issue existed in corecrypto. This issue was addressed through improved input validation. CVE-2016-4711 : Max Lohrmann CoreCrypto Available for: OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code Description: An out-of-bounds write issue was addressed by removing the vulnerable code. CVE-2016-4712 : Gergo Koteles CoreDisplay Available for: OS X El Capitan v10.11.6 Impact: A user with screen sharing access may be able to view another user's screen Description: A session management issue existed in the handling of screen sharing sessions. This issue was addressed through improved session tracking. CVE-2016-4713 : Ruggero Alberti curl Available for: OS X El Capitan v10.11.6 Impact: Multiple issues in curl Description: Multiple security issues existed in curl prior to version 7.49.1. These issues were addressed by updating curl to version 7.49.1. CVE-2016-4606 : Isaac Boukris Date & Time Pref Pane Available for: OS X El Capitan v10.11.6 Impact: A malicious application may be able to determine a user's current location Description: An issue existed in the handling of the .GlobalPreferences file. This was addressed though improved validation. CVE-2016-4715 : Taiki (@Taiki__San) at ESIEA (Paris) DiskArbitration Available for: OS X El Capitan v10.11.6 Impact: A local user may be able to execute arbitrary code with system privileges Description: An access issue existed in diskutil. This issue was addressed through improved permissions checking. CVE-2016-4716 : Alexander Allen of The North Carolina School of Science and Mathematics File Bookmark Available for: OS X El Capitan v10.11.6 Impact: A local application may be able to cause a denial of service Description: A resource management issue existed in the handling of scoped bookmarks. This issue was addressed through improved file descriptor handling. CVE-2016-4717 : Tom Bradley of 71Squared Ltd FontParser Available for: OS X El Capitan v10.11.6 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2016-4718 : Apple IDS - Connectivity Available for: OS X El Capitan v10.11.6 Impact: An attacker in a privileged network position may be able to cause a denial of service Description: A spoofing issue existed in the handling of Call Relay. This issue was addressed through improved input validation. CVE-2016-4722 : Martin Vigo (@martin_vigo) of salesforce.com <http://salesforce.com/> Intel Graphics Driver Available for: OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4723 : daybreaker of Minionz IOAcceleratorFamily Available for: OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4724 : Cererdlong, Eakerqiu of Team OverSky IOAcceleratorFamily Available for: OS X El Capitan v10.11.6 Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4725 : Rodger Combs of Plex, Inc IOAcceleratorFamily Available for: OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4726 : an anonymous researcher IOThunderboltFamily Available for: OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4727 : wmin working with Trend Micros Zero Day Initiative Kerberos v5 PAM module Available for: OS X El Capitan v10.11.6 Impact: A remote attacker may determine the existence of user accounts Description: A timing side channel allowed an attacker to determine the existence of user accounts on a system. This issue was addressed by introducing constant time checks. CVE-2016-4745 : an anonymous researcher Kernel Available for: OS X El Capitan v10.11.6 Impact: A local application may be able to access restricted files Description: A parsing issue in the handling of directory paths was addressed through improved path validation. CVE-2016-4771 : Balazs Bucsay, Research Director of MRG Effitas Kernel Available for: OS X El Capitan v10.11.6 Impact: A remote attacker may be able to cause a denial of service Description: A lock handling issue was addressed through improved lock handling. CVE-2016-4772 : Marc Heuse of mh-sec Kernel Available for: OS X El Capitan v10.11.6 Impact: An application may be able to determine kernel memory layout Description: Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation. CVE-2016-4773 : Brandon Azad CVE-2016-4774 : Brandon Azad CVE-2016-4776 : Brandon Azad Kernel Available for: OS X El Capitan v10.11.6 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4775 : Brandon Azad Kernel Available for: OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: An untrusted pointer dereference was addressed by removing the affected code. CVE-2016-4777 : Lufeng Li of Qihoo 360 Vulcan Team Kernel Available for: OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4778 : CESG libarchive Available for: OS X El Capitan v10.11.6 Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation. CVE-2016-4736 : Proteas of Qihoo 360 Nirvan Team libxml2 Available for: OS X El Capitan v10.11.6 Impact: Multiple issues in libxml2, the most significant of which may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4658 : Nick Wellnhofer CVE-2016-5131 : Nick Wellnhofer libxslt Available for: OS X El Capitan v10.11.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4738 : Nick Wellnhofer mDNSResponder Available for: OS X El Capitan v10.11.6 Impact: A remote attacker may be able to view sensitive information Description: Applications using VMnet.framework enabled a DNS proxy listening on all network interfaces. This issue was addressed by restricting DNS query responses to local interfaces. CVE-2016-4739 : Magnus Skjegstad, David Scott and Anil Madhavapeddy from Docker, Inc. NSSecureTextField Available for: OS X El Capitan v10.11.6 Impact: A malicious application may be able to leak a user's credentials Description: A state management issue existed in NSSecureTextField, which failed to enable Secure Input. This issue was addressed through improved window management. CVE-2016-4742 : Daniel Jalkut of Red Sweater Software, Rick Fillion of AgileBits Perl Available for: OS X El Capitan v10.11.6 Impact: A local user may be able to bypass the taint protection mechanism Description: An issue existed in the parsing of environment variables. This issue was addressed through improved validation of environment variables. CVE-2016-4748 : Stephane Chazelas S2 Camera Available for: OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4750 : Jack Tang (@jacktang310) and Moony Li of Trend Micro working with Trend Micro’s Zero Day Initiative Security Available for: OS X El Capitan v10.11.6 Impact: An application using SecKeyDeriveFromPassword may leak memory Description: A resource management issue existed in the handling of key derivation. This issue was addressed by adding CF_RETURNS_RETAINED to SecKeyDeriveFromPassword. CVE-2016-4752 : Mark Rogers of PowerMapper Software Security Available for: OS X El Capitan v10.11.6 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in signed disk images. This issue was addressed through improved size validation. CVE-2016-4753 : Mark Mentovai of Google Inc. Terminal Available for: OS X El Capitan v10.11.6 Impact: A local user may be able to leak sensitive user information Description: A permissions issue existed in .bash_history and .bash_session. This issue was addressed through improved access restrictions. CVE-2016-4755 : Axel Luttgens WindowServer Available for: OS X El Capitan v10.11.6 Impact: A local user may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4709 : an anonymous researcher CVE-2016-4710 : an anonymous researcher macOS Sierra 10.12 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJX4WmQAAoJEIOj74w0bLRGj6MP/29Mwf687H9bTKHADaGN2xtO IwtwiG8tv+Dv2K+1bGQxuMbz40KdUbSYZdv7CzVR2Qrln6xqWJDn0ZJ1ZlwzxRrd RuOtzV3ImcQetswQ6gK30UtU2O2T8uXvS6jcvAx0bCY+0vpDW8pFxxfbVYdRQ0RI Zu6MMqo3hOhtMu2hnBR1dBI3HAjb1DSJ5UUFGv5jCA1bn4IbF5V8bESzkG1K7M2u uHL2fI3fMT8g/csSkITD9gVgZ5qGrybtY8nn9jEvnLL2fURJ9KGZGNQUA/ie1bUF Qj2dYkumdglP5U1XAJLiU82iRtGHQz0kpKqyHMYwFUfD8waMuOFMLrJ8bIOVLufL tJUOMJojDQvCnnNI7iJp4vVWjZwHtg40eWJ4Khg87PqoqrVBjd90nCPz+TnlrfUx yALeuyIIeo658x4NWKGar0ASmTVap2QeYio80EzimU7sy9D5hYG9EW+gLMBUbVrW Zd8a02weLKRGdJuI4Jp9avG0JBazK4+WlhzYFGzr2xhZtXeGzLjX3zdhsIu0YPFr mEaXZuEIGarQQiB/b4Astgp/z9OpuOkMgLzVwzHJ4Am+yL7yEphsSSxYdPN92mqd ubCjrQNYPks3LajtjUexNC4x316RQADpk9nw1jJAMPCYVu9TU00dIERz8TYw2KZt ZxoKTgBPg4/7ECqkUX6u =B+vb -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/security-announce/site_archiver%40li... This email sent to site_archiver@lists.apple.com