ESB-2017.1774 - [OSX] macOS: Multiple vulnerabilities 2017-07-20


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1774
                               macOS 10.12.6
                               20 July 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          macOS
Publisher:        Apple
Operating System: OS X
Impact/Access:    Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                  Root Compromise                 -- Remote with User Interaction
                  Access Privileged Data          -- Remote with User Interaction
                  Denial of Service               -- Remote/Unauthenticated      
                  Provide Misleading Information  -- Remote with User Interaction
                  Reduced Security                -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2017-9417 CVE-2017-7468 CVE-2017-7069
                  CVE-2017-7068 CVE-2017-7067 CVE-2017-7062
                  CVE-2017-7054 CVE-2017-7051 CVE-2017-7050
                  CVE-2017-7047 CVE-2017-7045 CVE-2017-7044
                  CVE-2017-7036 CVE-2017-7035 CVE-2017-7033
                  CVE-2017-7032 CVE-2017-7031 CVE-2017-7029
                  CVE-2017-7028 CVE-2017-7027 CVE-2017-7026
                  CVE-2017-7025 CVE-2017-7024 CVE-2017-7023
                  CVE-2017-7022 CVE-2017-7021 CVE-2017-7017
                  CVE-2017-7016 CVE-2017-7015 CVE-2017-7014
                  CVE-2017-7013 CVE-2017-7010 CVE-2017-7009
                  CVE-2017-7008 CVE-2017-2629 CVE-2016-9594
                  CVE-2016-9586  

Reference:        ESB-2017.1686
                  ESB-2017.0814

- --------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2017-07-19-2 macOS 10.12.6

macOS 10.12.6 is now available and addresses the following:

afclip
Available for:  macOS Sierra 10.12.5
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-7016: riusksk () of Tencent Security Platform
Department

afclip
Available for:  macOS Sierra 10.12.5
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7033: riusksk () of Tencent Security Platform
Department

AppleGraphicsPowerManagement
Available for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7021: sss and Axis of Qihoo 360 Nirvan Team

Audio
Available for:  macOS Sierra 10.12.5
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7015: riusksk () of Tencent Security Platform
Department

Bluetooth
Available for:  macOS Sierra 10.12.5
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7050: Min (Spark) Zheng of Alibaba Inc.
CVE-2017-7051: Alex Plaskett of MWR InfoSecurity

Bluetooth
Available for:  macOS Sierra 10.12.5
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7054: Lufeng Li of Qihoo 360 Vulcan Team, Alex Plaskett of
MWR InfoSecurity

Contacts
Available for:  macOS Sierra 10.12.5
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-7062: Shashank (@cyberboyIndia)

CoreAudio
Available for:  macOS Sierra 10.12.5
Impact: Processing a maliciously crafted movie file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
bounds checking.
CVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team

curl
Available for:  macOS Sierra 10.12.5
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to version
7.54.0.
CVE-2016-9586
CVE-2016-9594
CVE-2017-2629
CVE-2017-7468

Foundation
Available for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-7031: HappilyCoded (ant4g0nist and r3dsm0k3)

Intel Graphics Driver
Available for:  macOS Sierra 10.12.5
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7014: Axis and sss of Qihoo 360 Nirvan Team, Lee of Minionz
CVE-2017-7017: chenqin of Ant-financial Light-Year Security Lab
()
CVE-2017-7035: shrek_wzw of Qihoo 360 Nirvan Team
CVE-2017-7044: shrek_wzw of Qihoo 360 Nirvan Team

Intel Graphics Driver
Available for:  macOS Sierra 10.12.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7036: shrek_wzw of Qihoo 360 Nirvan Team
CVE-2017-7045: shrek_wzw of Qihoo 360 Nirvan Team

IOUSBFamily
Available for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team

Kernel
Available for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7022: an anonymous researcher
CVE-2017-7024: an anonymous researcher

Kernel
Available for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7023: an anonymous researcher

Kernel
Available for:  macOS Sierra 10.12.5
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7025: an anonymous researcher
CVE-2017-7027: an anonymous researcher
CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team

Kernel
Available for:  macOS Sierra 10.12.5
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7026: an anonymous researcher

Kernel
Available for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7028: an anonymous researcher
CVE-2017-7029: an anonymous researcher
CVE-2017-7067: shrek_wzw of Qihoo 360 Nirvan Team

kext tools
Available for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7032: Axis and sss of Qihoo 360 Nirvan Team

libarchive
Available for:  macOS Sierra 10.12.5
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-2017-7068: found by OSS-Fuzz

libxml2
Available for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-7010: Apple
CVE-2017-7013: found by OSS-Fuzz

libxpc
Available for:  macOS Sierra 10.12.5 and OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7047: Ian Beer of Google Project Zero

Wi-Fi
Available for:  macOS Sierra 10.12.5
Impact: An attacker within range may be able to execute arbitrary
code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

Additional recognition

curl
We would like to acknowledge Dave Murdock of Tangerine Element for
their assistance.

Installation note:

macOS 10.12.6 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
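The check a fleet administrator would want after reading the curl entry above (fixed by moving to curl 7.54.0) and this installation note is whether a given host actually carries the fixed versions. The script below is an added example and is not part of the Apple advisory or the AusCERT bulletin; the function names `version_ge`, `macos_patched` and `curl_patched` and the sample version strings at the bottom are constructed for illustration. It only applies to Sierra hosts: on OS X El Capitan and Yosemite the corresponding fixes ship as a separate security update that does not change `sw_vers -productVersion`, so a product-version comparison says nothing there.

```shell
#!/bin/sh
# Added example, not Apple's or AusCERT's code: a compliance check for
# APPLE-SA-2017-07-19-2 (macOS 10.12.6). It compares the installed macOS
# version against the fixed release and the bundled curl against 7.54.0,
# the version Apple states it updated to in this release.

# version_ge A B : return 0 if dotted version A >= B, comparing each
# numeric component in turn; a missing component counts as 0, and
# non-digit suffixes (e.g. "0-DEV") are ignored.
version_ge() {
    a="$1."
    b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        ca=${a%%.*}; a=${a#*.}
        cb=${b%%.*}; b=${b#*.}
        ca=$(printf '%s' "$ca" | tr -cd '0-9'); ca=${ca:-0}
        cb=$(printf '%s' "$cb" | tr -cd '0-9'); cb=${cb:-0}
        if [ "$ca" -gt "$cb" ]; then return 0; fi
        if [ "$ca" -lt "$cb" ]; then return 1; fi
    done
    return 0
}

# macos_patched VERSION : print "patched" if VERSION (the output of
# `sw_vers -productVersion`) is 10.12.6 or later, else "vulnerable".
macos_patched() {
    if version_ge "$1" "10.12.6"; then
        echo patched
    else
        echo vulnerable
    fi
}

# curl_patched OUTPUT : take the full output of `curl --version`, read the
# version from its first line ("curl 7.54.0 (...)") and compare it with
# the 7.54.0 that macOS 10.12.6 ships.
curl_patched() {
    v=$(printf '%s\n' "$1" | awk 'NR == 1 { print $2 }')
    if version_ge "$v" "7.54.0"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Constructed sample values standing in for live command output. On a
# real Sierra host replace them with:
#   macos_patched "$(sw_vers -productVersion)"
#   curl_patched "$(curl --version)"
printf 'macOS 10.12.5: %s\n' "$(macos_patched 10.12.5)"
printf 'macOS 10.12.6: %s\n' "$(macos_patched 10.12.6)"
printf 'curl 7.51.0:   %s\n' "$(curl_patched 'curl 7.51.0 (x86_64-apple-darwin16.0) libcurl/7.51.0')"
printf 'curl 7.54.0:   %s\n' "$(curl_patched 'curl 7.54.0 (x86_64-apple-darwin16.0) libcurl/7.54.0')"
```

Both checks compare numerically component by component rather than as strings, so "10.13" correctly ranks above "10.12.6" and a later curl such as "7.55.1" is accepted. The curl check reads only the first line of `curl --version`, which is where the version of the `curl` binary appears; the libcurl version on the same line is the same in Apple's build.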

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
