Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Apple
    • Apple
    • Cybersecurity

    Apple macOS Sierra Fixes 68 Vulnerabilities

    By
    SEAN MICHAEL KERNER
    -
    September 21, 2016
    Share
    Facebook
    Twitter
    Linkedin
      Apple patches macOS Sierra

      Apple is patching 68 security issues in its desktop operating system as part of the release of its new macOS Sierra (10.12) milestone.

      Apple’s previous security update for its desktop operating system debuted Sept. 2 with OS X 10.11.6 fixing three zero-day flaws that were first patched in iOS. Starting with version 10.12, Apple has rebranded its desktop operating system from OS X to simply macOS.

      With macOS Sierra, the desktop update comes after Apple’s mobile release, with iOS 10 debuting Sept. 13. Once again, some security patches first made available on iOS are now coming to macOS. Among the issues first patched in iOS and now landing in macOS is CVE-2016-4708 in the CFNetwork component, which provides core networking technologies to both iOS and macOS.

      There are also multiple cryptographic flaws that were first fixed in iOS 10 that are now coming to macOS Sierra. CVE-2016-4711 is a flaw in the CommonCrypto library that could have enabled information disclosures. The CVE-2016-4712 vulnerability in Apple’s CoreCrypto library potentially could have enabled an application to execute arbitrary code.

      Apple’s kernel that is used in both iOS 10 and macOS Sierra also is being patched for eight vulnerabilities; CVE-2016-4771, CVE-2016-4772, CVE-2016-4773, CVE-2016-4774, CVE-2016-4775, CVE-2016-4776, CVE-2016-4777 and CVE-2016-4778 potentially could have enabled arbitrary code execution with full kernel privileges.

      While some attack vectors require hackers to use elaborate methods to exploit systems, macOS Sierra provides updates to help protect against a number of attacks that might not have been difficult to execute. Among those issues is a vulnerability (CVE-2016-4779) in Apple Type Service (ATS) reported by Chinese firm Tencent.

      “Processing a maliciously crafted font file may lead to arbitrary code execution,” Apple warns in its advisory.

      A team of researchers from Yonsei University in South Korea reported an interesting audio flaw (CVE-2016-4702) to Apple. The vulnerability potentially could have enabled a remote attacker to execute arbitrary code, due to a memory corruption issue with the audio library component.

      Although Apple benefits from reports provided by multiple groups of security researchers, for the macOS Sierra update, Trend Micro’s Zero-Day Initiative (ZDI) is well-represented. ZDI contributors reported five different flaws (CVE-2016-4727, CVE-2016-4750, CVE-2016-4697, CVE-2016-4699 and CVE-2016-4700). The ZDI pays security researchers to disclose vulnerabilities, which ZDI then responsibly discloses to the affected vendor.

      Another interesting vulnerability report for macOS Sierra came to Apple from Docker Inc., whose popular open-source application container engine and orchestration system now has a native client available on macOS. Magnus Skjegstad, David Scott and Anil Madhavapeddy from Docker Inc. discovered the CVE-2016-4739 vulnerability in the mDNSResponder component of macOS. The mDNSResponder is Apple’s service for enabling networking, including the Bonjour protocol. The CVE-2016-4739 vulnerability could have enabled a remote attacker to view sensitive information.

      In addition to the macOS Sierra updates, Apple also released Safari 10, providing 21 patches for vulnerabilities in Apple’s web browser. Nineteen of the 21 issues are in the WebKit rendering engine and involved memory corruption issues that could have led to arbitrary code execution and information disclosure.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×