Apple Patches Vulnerabilities in macOS, watchOS, and tvOS

Apple this week released security updates for macOS, watchOS, and tvOS, as well as updated versions of the Safari browser and the iTunes for Windows application.
The company addressed a total of 22 vulnerabilities with the release of macOS High Sierra 10.13.2 this week (some of the patches were also included in Security Update 2017-002 Sierra and Security Update 2017-005 El Capitan).
万通地产:募集资金存放与实际使用情况的专项报告
Affected components included apache, curl, Directory Utility, Intel Graphics Driver, IOAcceleratorFamily, IOKit, Kernel, Mail, Mail Drafts, OpenSSL, and Screen Sharing Server. Kernel was impacted the most, with 8 bugs addressed in it.
Many of these flaws could result in attackers or malicious applications executing arbitrary code with either kernel or system privileges. Other vulnerabilities, however, could result in disclosure of process memory, administrator authentication bypass, and system termination, or could allow applications to read restricted memory.
黑客可能会制作击键记录软件,并安装在公共电脑上,公司应该教育员工不要在未知的公共电脑上进行和公司相关的业务操作。

Impacting macOS High Sierra 10.13.1, the flaw in Mail could result in an S/MIME encrypted email being inadvertently sent unencrypted if the receiver’s S/MIME certificate was not installed, Apple notes in an advisory.
A total of 9 vulnerabilities were addressed with the release of watchOS 4.2. One of the bugs impacts IOSurface, another affects Wi-Fi, while the remaining 7 were resolved in Kernel. Most of the bugs could result in an application executing arbitrary code with kernel privileges or reading restricted memory.
Affecting Apple Watch (1st Generation) and Apple Watch Series 3, the Wi-Fi bug allowed an attacker in Wi-Fi range to force nonce reuse in WPA multicast/GTK clients.
The issue, known as Key Reinstallation Attacks or KRACK, was discovered earlier this year in the Wi-Fi standard itself, thus impacting all implementations, industrial networking devices included. Apple addressed the bug in most of its products in late October.
Released on Monday, tvOS 11.2 resolves 10 vulnerabilities: one in IOSurface, another in Wi-Fi, and 8 in Kernel. Essentially, it fixes the 9 bugs addressed with watchOS 4.2, along with one other issue in Kernel.
These 10 security vulnerabilities, along with 4 others (one in IOKit, one in IOMobileFrameBuffer, one in Mail, and another in Mail Drafts), were also addressed in iOS with the release of iOS 11.2 on December 2.
On Wednesday, December 6, Apple also released Safari 11.0.2 and iTunes 12.7.2 for Windows, but hasn’t provided information on the security content of these updates.
In late November, Apple released a security update for macOS High Sierra in an effort to patch a critical authentication bypass vulnerability that can be easily exploited to gain root access to a system.
Related: Apple Patches Dangerous KRACK Wi-Fi Vulnerabilities
Normal 0 false false false EN-US X-NONE X-NONE Normal 0 false false false EN-US X-NONE X-NONE
Related: Apple Silently Patched macOS Security Bypass Flaw
Related: Apple Patches Critical Root Access Flaw in macOS
对大多数互联网用户来说,密码安全是令人头痛的事,安全级别较低的网站使用相同的密码倒无所谓,但是对安全级别较高的网络应用如电子商务,要使用不同的密码,不过,要记住这些不同的密码也是一件不小的挑战。

猜您喜欢

【江苏省工商行政管理局信息系统安全等级保护测评及安全服务招标 https://www.skxox.com/20170822/0929110810.html
网络信息安全小调
网络安全法宣传视频系列001《网络安全法》背景知识
泸州小区底楼业主私挖地下室?原是开发商建设所留
BELLEDOLOMITI BARLAGRASSA
如何提升涉密人员的信息安全与保密责任感