Apple has released security updates that address multiple vulnerabilities in Apple macOS Sierra 10.12.6, 10.13.2, and OS X El Capitan 10.11.6.
This update resolves 17 vulnerabilities in the following components of the affected software: audio, curl, IOHIDFamily, kernel, LinkPresentation, QuartzCore, sandbox, security, WebKit, and Wi-Fi. The vulnerabilities are due to improper memory handling, insufficient validation of user-supplied input, improper security restrictions, and insufficient bounds checking by the affected software. An attacker could exploit some of these vulnerabilities by persuading a targeted user to open a crafted file or execute a malicious application. A successful exploit could allow the attacker to execute arbitrary code, gain elevated privileges, access sensitive information, or cause an application to terminate unexpectedly, resulting in a denial of service (DoS) condition on the targeted system.
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to access local systems.
Administrators are advised to allow only trusted users to have network access.
Administrators are advised to allow only privileged users to access administration or management systems.
Administrators are advised to monitor affected systems.
Apple has released a security advisory at the following link: HT208465
Apple security updates can be downloaded by using the Software Update feature of the Mac App Store.
CVE Numbers :-
CVE-2017-5754 CVE-2017-8817 CVE-2018-4082
CVE-2018-4084 CVE-2018-4085 CVE-2018-4086
CVE-2018-4088 CVE-2018-4089 CVE-2018-4090
CVE-2018-4091 CVE-2018-4092 CVE-2018-4093
CVE-2018-4094 CVE-2018-4096 CVE-2018-4097
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.