Apple has released a security update to address nearly two dozen vulnerabilities in macOS High Sierra.
The update comes little more than a week after Apple had to kick out an emergency fix to close up a glaring hole in macOS that allowed anyone with access to a Mac (either in person or remote) to bypass the login screen and act as a root account.
This week’s High Sierra update, numbered 10.13.2, addresses a total of 22 CVE-listed flaws in various components of the macOS operating system. Eight of the patched flaws could potentially allow code execution with system privileges if targeted.
Eight flaws were patched in the macOS Kernel itself. Those flaws, which can be targeted by installed applications, include two code execution vulnerabilities and six bugs that allow applications to read restricted memory sections.
The macOS Screen Sharing Server contains a bug that will be reminiscent of last week’s ‘IAmRoot’ fiasco. That flaw, CVE-2017-13826, discovered by Toronto researcher Trevor Jacques, would let anyone with screen sharing access to a Mac operate with root privileges, thanks to an error in the permissions handling.
The Intel Graphics Driver used by the Mac was the subject of three vulnerabilities, two of them found by Ian Beer of Google Project Zero. They include two arbitrary code execution bugs (CVE-2017-13883, CVE-2017-13875) and one (CVE-2017-13878) that could allow an attacker to crash the system or read kernel memory contents.

In the macOS Mail app, a bug (CVE-2017-13871) could cause some S/MIME encrypted messages to be sent out unencrypted, and a flaw in Mail Drafts (CVE-2017-13860) could allow for messages to be intercepted and read.
Those using older versions of macOS will get a separate update, known as Security Update 2017-002 on Sierra and 2017-005 on El Capitan. iTunes on Windows will also get an update.
Those who own multiple pieces of Apple-branded kit will find themselves with something of a backlog in patches. Earlier this week, Apple released an update for iOS that included security and stability fixes, followed by patches for tvOS and watchOS. ®