Apple fixed 141 vulnerabilities across multiple products including macOS Sierra, iOS, watchOS, tvOS, iCloud, Safari, and iTunes. Most of the vulnerabilities (41 in iOS, 37 in macOS Sierra, 23 in tvOS and 12 in watchOS) could lead to arbitrary code execution, in some instances with root privileges.

Apple also fixed 26 vulnerabilities in the Safari browser, which could lead to arbitrary code execution. The rest of the vulnerabilities could lead to universal cross-site scripting, cross-origin exfiltration of data, application termination, and spoofing. Of the 26, 23 vulnerabilities exist in the WebKit web browser engine.

Apple also fixed arbitrary code execution vulnerabilities in iCloud and iTunes for Windows.

macOS Sierra Security Update (HT207797):

Affected Platforms: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5

Affected Components: This update fixes vulnerabilities in 802.1X, Accessibility Framework, CoreAnimation, CoreAudio, DiskArbitration, HFS, IOGraphics, IOSurface, Intel Graphics Driver, Kernel, Multi-Touch, NVIDIA Graphics Drivers, SQLite, Sandbox, Security, Speech Framework, TextInput, WindowServer, and iBooks.

Vulnerability Details: Multiple vulnerabilities such as buffer overflow, memory consumption, memory corruption, race condition, use after free, validation issues, access issues and URL handling issues exist in the above software.

Impact: The above vulnerabilities may lead to arbitrary code execution, opening of arbitrary websites without user permission, sandbox escape, gaining kernel/system privileges and reading restricted memory.

Assigned CVEs: CVE-2017-2494, CVE-2017-2497, CVE-2017-2501, CVE-2017-2502, CVE-2017-2503, CVE-2017-2507, CVE-2017-2509, CVE-2017-2512, CVE-2017-2513, CVE-2017-2516, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2524, CVE-2017-2527, CVE-2017-2533, CVE-2017-2534, CVE-2017-2535, CVE-2017-2537, CVE-2017-2540, CVE-2017-2541, CVE-2017-2542, CVE-2017-2543, CVE-2017-2545, CVE-2017-2546, CVE-2017-2548, CVE-2017-6977, CVE-2017-6978, CVE-2017-6979, CVE-2017-6981, CVE-2017-6983, CVE-2017-6985, CVE-2017-6986, CVE-2017-6987, CVE-2017-6988, CVE-2017-6990, CVE-2017-6991

iOS Security Update (HT207798):

Affected platforms: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Affected components: AVEVideoEncoder, CoreAudio, IOSurface, Kernel, Notifications, SQLite, Safari, Security, TextInput, WebKit, WebKit Web Inspector, and iBooks.

Vulnerability details: Multiple vulnerabilities such as URL handling issues, buffer overflow, logic issues, memory corruption, race condition, use after free, validation issues and denial of service exist in the above components.

Impact: The above vulnerabilities may lead to arbitrary code execution, opening of arbitrary websites without user permission, sandbox escape, gaining kernel/system privileges and reading restricted memory.

Assigned CVEs: CVE-2017-2495, CVE-2017-2496, CVE-2017-2497, CVE-2017-2498, CVE-2017-2499, CVE-2017-2501, CVE-2017-2502, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2507, CVE-2017-2508, CVE-2017-2510, CVE-2017-2513, CVE-2017-2514, CVE-2017-2515, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2521, CVE-2017-2524, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2538, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6979, CVE-2017-6980, CVE-2017-6981, CVE-2017-6982, CVE-2017-6983, CVE-2017-6984, CVE-2017-6987, CVE-2017-6989, CVE-2017-6991

watchOS Security Update (HT207800):

Affected platforms: All Apple Watch models

Affected components: CoreAudio, IOSurface, Kernel, SQLite, TextInput, and WebKit.

Vulnerability details: Multiple buffer overflow, memory corruption, race condition, use after free, and validation vulnerabilities exist in the above components.

Impact: The above vulnerabilities may lead to arbitrary code execution, gaining kernel privileges, and reading restricted memory areas.

Assigned CVEs: CVE-2017-2501, CVE-2017-2502, CVE-2017-2507, CVE-2017-2513, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2521, CVE-2017-2524, CVE-2017-6979, CVE-2017-6987, CVE-2017-6989

tvOS Security Update (HT207801):

Affected platforms: Apple TV (4th generation)

Affected components: AVEVideoEncoder, CoreAudio, IOSurface, Kernel, SQLite, TextInput, WebKit and WebKit Web Inspector.

Vulnerability details: Multiple flaws such as memory corruption, validation issues, race condition, use after free and buffer overflow exist in Apple TV.

Impact: The above vulnerabilities may lead to arbitrary code execution, gaining kernel privileges, and reading restricted memory areas.

Assigned CVEs: CVE-2017-2501, CVE-2017-2502, CVE-2017-2507, CVE-2017-2513, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2521, CVE-2017-2524, CVE-2017-6979, CVE-2017-6987, CVE-2017-6989

iCloud Security Update (HT207803):

Affected platforms: Windows 7 and later

Affected components: WebKit

Vulnerability details: Multiple memory corruption vulnerabilities exist in memory handling.

Impact: The memory corruption vulnerabilities may lead to the execution of arbitrary code.

Assigned CVE: CVE-2017-2530

Safari Security Update (HT207804):

Affected platforms: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5

Affected components: Safari, WebKit, and WebKit Web Inspector.

Vulnerability details: Multiple flaws such as memory corruption, logic issues, and an inconsistent user interface exist in Safari, WebKit, and WebKit Web Inspector.

Impact: The above vulnerabilities may lead to arbitrary code execution and denial of service.

Assigned CVEs: CVE-2017-2495, CVE-2017-2496, CVE-2017-2499, CVE-2017-2500, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2511, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2538, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984

iTunes Security Update (HT207805):

Affected platforms: iTunes 12.6.1 for Windows

Affected components: WebKit

Vulnerability details: Multiple memory corruption vulnerabilities exist in memory handling.

Impact: The memory corruption vulnerabilities may lead to the execution of arbitrary code.

Assigned CVE: CVE-2017-6984

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.
