StorageKit
Available for: macOS High Sierra 10.13
Impact: A local attacker may gain access to an encrypted APFS volume
Description: If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints.
CVE-2017-7149: Matheus Mariano of Leet Tech
Security
Available for: macOS High Sierra 10.13
Impact: A malicious application can extract keychain passwords
Description: A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.
CVE-2017-7150: Patrick Wardle of Synack
New downloads of macOS High Sierra 10.13 include the security content of the macOS High Sierra 10.13 Supplemental Update.
'취약점 정보2' 카테고리의 다른 글
| Apple iOS 보안 업데이트 권고 (0) | 2017.10.10 |
|---|---|
| Dnsmasq 업데이트 안내 (0) | 2017.10.10 |
| apache 업데이트 안내 (0) | 2017.10.04 |
| Cisco 제품군 취약점 보안 업데이트 권고 (0) | 2017.09.28 |
| Apple(macOS Server, macOS, iCloud for Windows) 보안 업데이트 권고 (0) | 2017.09.28 |