Computer Security Incident Response Team of Mauritius (CERT-MU)

VN-2017-100


Apple MacOS/OS X Multiple Vulnerabilities
Severity Rating: High
Systems Affected:
  • Apple MacOS/OS X versions 10.12.5 and prior
Description
Multiple vulnerabilities have been identified in Apple MacOS/OS X. Remote attackers can exploit them to execute arbitrary code, obtain potentially sensitive information from system memory and gain elevated privileges on the target system. The vulnerabilities reported are as follows:
  • An application can trigger a memory corruption error in the Intel Graphics Driver component to execute arbitrary code with system privileges.
 
  • A remote user can trigger a memory corruption error in the Audio component to obtain potentially sensitive information from restricted memory.
 
  • A remote user can trigger a memory corruption error in the afclip component to execute arbitrary code.
 
  • An application can trigger a memory corruption error in the AppleGraphicsPowerManagement component to execute arbitrary code with system privileges.
 
  • A remote user can trigger a memory corruption error in the Foundation component to execute arbitrary code.
 
  • An application can trigger a memory corruption error in the kext tools component to execute arbitrary code with system privileges.
 
  • A remote user can trigger a memory corruption error in the afclip component to execute arbitrary code.
 
  • An application can trigger an input validation flaw in the Intel Graphics Driver component to read restricted memory.
 
  • An application can trigger a memory corruption error in the Bluetooth component to execute arbitrary code with system privileges.
 
  • An application can trigger a memory corruption error in the Bluetooth component to execute arbitrary code with kernel privileges.
 
  • An application can trigger an input validation flaw in the kernel component to read restricted memory.
  
Solution
Users are advised to apply updates.
More information is available on:
 
Vendor Information
Apple
 
CVE Information
 
References
Security Tracker
 
Apple Security Bulletin
 
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis