Apple macOS High Sierra 10.13.3 – Multiple Vulnerabilities

Apple has released security updates that address multiple vulnerabilities in Apple macOS Sierra 10.12.6, 10.13.2, and OS X El Capitan 10.11.6.

This update resolves 17 vulnerabilities in the following components of the affected software: audio, curl, IOHIDFamily, kernel, LinkPresentation, QuartzCore, sandbox, security, WebKit, and Wi-Fi. The vulnerabilities are due to improper memory handling, insufficient validation of user-supplied input, improper security restrictions, and insufficient bounds checking by the affected software. An attacker could exploit some of these vulnerabilities by persuading a targeted user to open a crafted file or execute a malicious application. A successful exploit could allow the attacker to execute arbitrary code, gain elevated privileges, access sensitive information, or cause an application to terminate unexpectedly, resulting in a denial of service (DoS) condition on the targeted system.

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to access local systems.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to allow only privileged users to access administration or management systems.

Administrators are advised to monitor affected systems.

Apple has released a security advisory at the following link: HT208465

Apple security updates can be downloaded by using the Software Update feature of the Mac App Store.

CVE Numbers :-

CVE-2017-5754      CVE-2017-8817      CVE-2018-4082
CVE-2018-4084      CVE-2018-4085      CVE-2018-4086
CVE-2018-4088      CVE-2018-4089      CVE-2018-4090
CVE-2018-4091      CVE-2018-4092      CVE-2018-4093
CVE-2018-4094      CVE-2018-4096      CVE-2018-4097
CVE-2018-4098      CVE-2018-4100