macOS Sierra 10.12.3 Update

macOS Sierra 10.12.3

Released January 23, 2017

apache_mod_php

Available for: macOS Sierra 10.12.2

Impact: Multiple issues in PHP

Description: Multiple issues were addressed by updating to PHP version 5.6.28.

CVE-2016-8670

CVE-2016-9933

CVE-2016-9934

Bluetooth

Available for: macOS Sierra 10.12.2

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed through improved memory management.

CVE-2017-2353: Ian Beer of Google Project Zero

Graphics Drivers

Available for: macOS Sierra 10.12.2

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2358: Team Pangu and lokihardt at PwnFest 2016

Help Viewer

Available for: macOS Sierra 10.12.2

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A cross-site scripting issue was addressed through improved URL validation.

CVE-2017-2361: lokihardt of Google Project Zero

IOAudioFamily

Available for: macOS Sierra 10.12.2

Impact: An application may be able to determine kernel memory layout

Description: An uninitialized memory issue was addressed through improved memory management.

CVE-2017-2357: Team Pangu and lokihardt at PwnFest 2016

Kernel

Available for: macOS Sierra 10.12.2

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2017-2370: Ian Beer of Google Project Zero

Kernel

Available for: macOS Sierra 10.12.2

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed through improved memory management.

CVE-2017-2360: Ian Beer of Google Project Zero

libarchive

Available for: macOS Sierra 10.12.2

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2016-8687: Agostino Sarubbo of Gentoo

Vim

Available for: macOS Sierra 10.12.2

Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: An input validation issue existed in modelines. This was addressed through improved input validation.

CVE-2016-1248: Florian Larysch
