![]() ![]() Impact: A local application may be able to execute arbitrary code with system privilegesĭescription: A validation issue existed in the task port inheritance policy. ![]() Impact: An application may be able to execute arbitrary code with kernel privilegesĭescription: A memory corruption issue was addressed through improved memory handling.ĬVE-2016-4697: Qidan He from KeenLab working with Trend Micro's Zero Day Initiativeĭescription: A null pointer dereference was addressed through improved input validation.ĬVE-2016-4696: Shrek_wzw of Qihoo 360 Nirvan Team ![]() Impact: Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.ĭescription: Multiple issues in PHP were addressed by updating PHP to version 5.6.24. This issue was addressed by not setting the HTTP_PROXY environment variable from CGI.ĬVE-2016-4694: Dominic Scheirlinck and Scott Geary of VendĪvailable for: OS X Lion v10.7.5 and later Impact: A remote attacker may be able to proxy traffic through an arbitrary serverĭescription: An issue existed in the handling of the HTTP_PROXY environment variable. To update your macOS operating system with the latest fixes, launch the Apple menu on your computer, select “About This Mac,” and click “Software Update.” If youre interested in learning a bit more about the new security fixes, you can read about them on Apple’s website.Available for: OS X Lion v10.7.5 and later The update also comes with security fixes for other parts of the macOS operating system, including the kernel, AppleGraphicsControl, and graphics drivers, as well as apps such as Time Machine, Messages, and Contacts. Apple fixed this issue “with improved memory management. Apple says that previous versions of the macOS Siri application featured “an API issue…in the handling of dictation requests.” Theoretically, a malicious application would have been able to exploit this bug “to initiate a dictation request without user authorization.” As for Notes, there was an access bug with the app that would have permitted a local user to open and view a user’s notes-even if they were locked. Apple says the fix will address a flaw in the current version of macOS, where “a user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.”Īlso notable on the privacy front are patches for Siri and Notes. The more recent patch is not as significant but still has notable privacy implications. In February, Apple patched a major FaceTime vulnerability, which made it possible for a hacker to eavesdrop on a user’s FaceTime calls. If you rely on Keychain to manage your passwords, this fix alone makes installing the updates a must.Īnother big fix included in this batch of security updates is a patch for a bug in FaceTime. With the latest MacOS version and security updates, the KeySteal vulnerability is officially a thing of the past. The flaw allows hackers to use a malicious app to steal passwords out of the Apple Keychain password manager. The biggest news to be found in these updates is that Apple has patched the KeySteal bug, a vulnerability discovered by an 18-year-old German researcher back in February. Users with these operating systems should update to the latest versions ASAP to avoid potential security threats. The macOS updates apply to macOS Mojave (Mojave Version 10.14.4), macOS High Sierra (Security Update 2019-002), and macOS Sierra (Security Update 2019-002). Apple Releases Security Updates for macOSĪpple recently released security updates across many of its products, including macOS and iOS.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |