ESB-2017.2425 - [OSX] macOS: Multiple vulnerabilities 2017-09-26


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2425
                          macOS High Sierra 10.13
                             26 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS
Publisher:         Apple
Operating System:  OS X
Impact/Access:     Root Compromise                -- Remote with User Interaction
                   Access Privileged Data         -- Remote with User Interaction
                   Denial of Service              -- Remote/Unauthenticated      
                   Provide Misleading Information -- Remote/Unauthenticated      
                   Unauthorised Access            -- Remote/Unauthenticated      
                   Reduced Security               -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-1000373 CVE-2017-11103 CVE-2017-10989
                   CVE-2017-9233 CVE-2017-7144 CVE-2017-7143
                   CVE-2017-7141 CVE-2017-7138 CVE-2017-7130
                   CVE-2017-7129 CVE-2017-7128 CVE-2017-7127
                   CVE-2017-7126 CVE-2017-7125 CVE-2017-7124
                   CVE-2017-7123 CVE-2017-7122 CVE-2017-7121
                   CVE-2017-7119 CVE-2017-7114 CVE-2017-7086
                   CVE-2017-7084 CVE-2017-7083 CVE-2017-7082
                   CVE-2017-7080 CVE-2017-7078 CVE-2017-7077
                   CVE-2017-7074 CVE-2017-6464 CVE-2017-6463
                   CVE-2017-6462 CVE-2017-6460 CVE-2017-6459
                   CVE-2017-6458 CVE-2017-6455 CVE-2017-6452
                   CVE-2017-6451 CVE-2017-0381 CVE-2016-9843
                   CVE-2016-9842 CVE-2016-9841 CVE-2016-9840
                   CVE-2016-9063 CVE-2016-9042 

Reference:         ESB-2017.1681
                   ESB-2017.1598
                   ESB-2017.1355
                   ESB-2017.1321
                   ESB-2017.1185
                   ESB-2017.0947
                   ESB-2017.0396
                   ESB-2017.0039

Original Bulletin: 
   https://support.apple.com/en-au/HT208144

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-09-25-1 macOS High Sierra 10.13

macOS High Sierra 10.13 is now available and addresses the following:

Application Firewall
Available for:  OS X Lion v10.8 and later
Impact: A previously denied application firewall setting may take
effect after upgrading
Description: An upgrade issue existed in the handling of firewall
settings. This issue was addressed through improved handling of
firewall settings during upgrades.
CVE-2017-7084: an anonymous researcher

AppSandbox
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7074: Daniel Jalkut of Red Sweater Software

Captive Network Assistant
Available for:  OS X Lion v10.8 and later
Impact: A local user may unknowingly send a password unencrypted over
the network
Description: The security state of the captive portal browser was not
obvious. This issue was addressed with improved visibility of the
captive portal browser security state.
CVE-2017-7143: an anonymous researcher

CFNetwork Proxies
Available for:  OS X Lion v10.8 and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7083: Abhinav Bansal of Zscaler Inc.

CoreAudio
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed by updating to Opus
version 1.1.4.
CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend
Micro

Directory Utility
Available for:  OS X Lion v10.8 and later
Impact: A local attacker may be able to determine the Apple ID of the
owner of the computer
Description: A permissions issue existed in the handling of the Apple
ID. This issue was addressed with improved access controls.
CVE-2017-7138: an anonymous researcher

file
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version
5.30.
CVE-2017-7121: found by OSS-Fuzz
CVE-2017-7122: found by OSS-Fuzz
CVE-2017-7123: found by OSS-Fuzz
CVE-2017-7124: found by OSS-Fuzz
CVE-2017-7125: found by OSS-Fuzz
CVE-2017-7126: found by OSS-Fuzz

Heimdal
Available for:  OS X Lion v10.8 and later
Impact: An attacker in a privileged network position may be able to
impersonate a service
Description: A validation issue existed in the handling of the KDC-
REP service name. This issue was addressed through improved
validation.
CVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams

IOFireWireFamily
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7077: Brandon Azad

IOFireWireFamily
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc.,
Benjamin Gnahm (@mitp0sh) of PDX

Kernel
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7114: Alex Plaskett of MWR InfoSecurity

libc
Available for:  OS X Lion v10.8 and later
Impact: A remote attacker may be able to cause a denial of service
Description: A resource exhaustion issue in glob() was addressed
through an improved algorithm.
CVE-2017-7086: Russ Cox of Google

libc
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to cause a denial of service
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-1000373

libexpat
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in expat
Description: Multiple issues were addressed by updating to version
2.2.1.
CVE-2016-9063
CVE-2017-9233

Mail
Available for:  OS X Lion v10.8 and later
Impact: The sender of an email may be able to determine the IP
address of the recipient
Description: Turning off "Load remote content in messages" did not
apply to all mailboxes. This issue was addressed with improved
setting propagation.
CVE-2017-7141: an anonymous researcher

Mail Drafts
Available for:  OS X Lion v10.8 and later
Impact: An attacker with a privileged network position may be able to
intercept mail contents
Description: An encryption issue existed in the handling of mail
drafts. This issue was addressed with improved handling of mail
drafts meant to be sent encrypted.
CVE-2017-7078: an anonymous researcher, an anonymous researcher, an
anonymous researcher

ntp
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in ntp
Description: Multiple issues were addressed by updating to version
4.2.8p10.
CVE-2017-6451: Cure53
CVE-2017-6452: Cure53
CVE-2017-6455: Cure53
CVE-2017-6458: Cure53
CVE-2017-6459: Cure53
CVE-2017-6460: Cure53
CVE-2017-6462: Cure53
CVE-2017-6463: Cure53
CVE-2017-6464: Cure53
CVE-2016-9042: Matthew Van Gundy of Cisco

Screen Lock
Available for:  OS X Lion v10.8 and later
Impact: Application Firewall prompts may appear over Login Window
Description: A window management issue was addressed through improved
state management.
CVE-2017-7082: Tim Kingman

Security
Available for:  OS X Lion v10.8 and later
Impact: A revoked certificate may be trusted
Description: A certificate validation issue existed in the handling
of revocation data. This issue was addressed through improved
validation.
CVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune
Darrud (@theflyingcorpse) of Bærum kommune, an anonymous researcher,
an anonymous researcher

SQLite
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating to version
3.19.3.
CVE-2017-10989: found by OSS-Fuzz
CVE-2017-7128: found by OSS-Fuzz
CVE-2017-7129: found by OSS-Fuzz
CVE-2017-7130: found by OSS-Fuzz

SQLite
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7127: an anonymous researcher

WebKit
Available for:  OS X Lion v10.8 and later
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed with improved restrictions.
CVE-2017-7144: an anonymous researcher

zlib
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in zlib
Description: Multiple issues were addressed by updating to version
1.2.11.
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843

Additional recognition

Security
We would like to acknowledge Abhinav Bansal of Zscaler, Inc.
for their assistance.

Installation note:

macOS 10.13 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----
