Apple today released new versions of iOS and macOS Sierra and addressed some overlapping code execution vulnerabilities in both its mobile and desktop operating systems.
The updates were part of a much bigger release of security updates from Apple that also included Safari, iCloud for Windows, and watchOS.
The most critical of the bugs were a pair of kernel vulnerabilities, CVE-2017-2370 and CVE-2017-2360, which could allow a malicious application to execute code with the highest kernel privileges. Both bugs, a buffer overflow and a use-after-free vulnerability, were reported by Google Project Zero's Ian Beer and were patched in iOS 10.2.1 and macOS Sierra 10.12.3.
A critical libarchive buffer overflow vulnerability, CVE-2016-8687, was also patched in iOS and macOS Sierra.
"Unpacking a maliciously crafted archive might also lead to arbitrary code execution," Apple observed.
Apple also patched eleven vulnerabilities in the iOS implementation of WebKit, a half-dozen of which lead to arbitrary code execution, while attackers could abuse three others with crafted web content to exfiltrate data cross-origin.
Many of the same WebKit vulnerabilities were also patched in Safari, which was updated to version 10.0.3.
Rounding out the iOS update, Apple patched a flaw in Auto Unlock that could unlock when Apple Watch is off the user's wrist, along with an issue that could crash the Contacts application, and another Wi-Fi issue that could show a user's home screen even when the device is locked.
The macOS Sierra update also patched code execution vulnerabilities in other components, including its Bluetooth implementation and Graphics Drivers (code execution with kernel privileges), Help Viewer, and the Vim text editor.
The Safari update also patched a vulnerability in the address bar, CVE-2017-2359, that could be exploited when visiting a malicious website, allowing an attacker to spoof the URL.
tvOS was updated to version 10.1.1, and the same kernel, libarchive and WebKit vulnerabilities present in iOS were patched in the Apple TV OS (4th generation).
The watchOS update, 3.1.3, was a large one as well, with patches for 33 CVEs, including 17 code execution vulnerabilities.
The iCloud for Windows 6.1.1 update, for Windows 7 and later, also patched four WebKit vulnerabilities addressed in other product updates, all of which result in arbitrary code execution.

