Update

Xcode 7.3.1

About the security content of Xcode 7.3.1

 

This document describes the security content of Xcode 7.3.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key. Where possible, CVE IDs are used to reference the vulnerabilities for further information. To learn about other security updates, see Apple security updates.

 

Xcode 7.3.1

 

Git

Available for: OS X El Capitan v10.11 and later

Impact: A remote attacker may be able to execute arbitrary code

Description: A heap-based buffer overflow issue existed in the handling of filenames. This issue was addressed by updating git to version 2.7.4.

 

CVE-ID

 

CVE‑2016‑2324

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Bugfix patches were backported from the ‘master’ front to plug heap corruption holes, to catch integer overflow in the computation of pathname lengths, and to get rid of the name_path API. Both of these would have resulted in writing over an under-allocated buffer when formulating pathnames during tree traversal.
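The pathname-length overflow described above, as an added C example (a constructed model, not Git's source): a sum of name lengths kept in a narrow type wraps and under-sizes the buffer, while the checked `size_t` version rejects the input. `struct comp`, `total_len_narrow`, `total_len_checked`, `join_path` and both sample arrays are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not Git's code: a path is tree-entry names joined by '/'. */
struct comp { const char *name; size_t len; };

/* Constructed inputs: a normal path, and one entry claiming a huge name. */
static const struct comp SAMPLE[]  = { {"src", 3}, {"lib", 3}, {"x.c", 3} };
static const struct comp HOSTILE[] = { {NULL, SIZE_MAX}, {"a", 1} };

/* Flawed pattern: a 32-bit sum wraps on a very long name or deep nesting. */
static uint32_t total_len_narrow(const struct comp *c, size_t n)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += (uint32_t)c[i].len + 1;      /* +1: '/' or final NUL */
    return total;
}

/* Hardened pattern: size_t sum, overflow checked before each addition. */
static int total_len_checked(const struct comp *c, size_t n, size_t *out)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (c[i].len > SIZE_MAX - 1 || total > SIZE_MAX - (c[i].len + 1))
            return -1;
        total += c[i].len + 1;
    }
    *out = total;
    return 0;
}

/* Joins the names; returns NULL on overflow or allocation failure. */
static char *join_path(const struct comp *c, size_t n)
{
    size_t need = 0, off = 0;
    if (n == 0 || total_len_checked(c, n, &need) != 0) return NULL;
    char *buf = malloc(need);
    if (!buf) return NULL;
    for (size_t i = 0; i < n; i++) {
        memcpy(buf + off, c[i].name, c[i].len);
        off += c[i].len;
        buf[off++] = (i + 1 < n) ? '/' : '\0';
    }
    return buf;
}
```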

 

CVE‑2016‑2315

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

A remote authenticated user can push a specially crafted repository to trigger a heap overflow and execute arbitrary code on the target system [CVE-2016-2315].

Lael Cellier (@ytrezq) reported this vulnerability.

 


Safari 9.1


What’s new Version 9.1:

 

  • Picture Element Support
  • iOS gesture events are now supported on Safari for OS X.
  • Fast-Tap on iOS
  • WebGL Rendering
  • Image Smoothing Quality for Canvas Rendering
  • CSS Enhancements

 

Fixes :

 

  • Multiple memory corruption issues were addressed through improved memory handling.
  • An issue existed where the text of a dialog included page-supplied text. This issue was addressed by no longer including that text.
  • An insufficient input validation issue existed in the handling of certain files. This was addressed through additional checks during file expansion.
  • A cookie storage issue existed in the Top Sites page. This issue was addressed through improved state management.
  • An issue existed in the handling of attachment URLs. This issue was addressed through improved URL handling.
  • Multiple memory corruption issues were addressed through improved memory handling.
  • A port redirection issue was addressed through additional port validation.
  • An issue existed in the parsing of geolocation requests. This was addressed through improved validation of the security origin for geolocation requests.

 


OS X El Capitan v10.11.4


The OS X El Capitan v10.11.4 Update improves the stability, compatibility, and security of your Mac, and is recommended for all users.

 


 

OS X El Capitan v10.11.4 update :

  • Adds the ability to passcode-protect notes containing personal data in Notes
  • Adds the ability to sort notes alphabetically, by date created, or date modified in Notes
  • Adds the ability to import Evernote files into Notes
  • Adds support for sharing Live Photos between iOS and OS X via AirDrop and Messages
  • Addresses an issue that may cause RAW images to open slowly in Photos
  • Adds the ability for iBooks to store PDFs in iCloud, making them available across all your devices
  • Fixes an issue that prevented loading Twitter t.co links in Safari
  • Prevents JavaScript dialogs from blocking access to other webpages in Safari
  • Fixes an issue that prevented the VIPs mailbox from working with Gmail accounts
  • Fixes an issue that caused USB audio devices to disconnect
  • Improves the compatibility and reliability of Apple USB-C Multiport Adapters

 

OS X El Capitan v10.11.4 Enterprise content:

  • Fixes an issue that could cause a black screen after logging in as the root user
  • Fixes an issue that prevents using screen sharing to remotely click the Allow button or Always Allow button in Keychain Access
  • Fixes an issue that prevents Migration Assistant from opening when automatic login has been disabled using a configuration profile
  • Fixes an issue that prevents Mail from showing the date and time of certain Microsoft Exchange calendar events
  • Provides compatibility with the Cisco AnyConnect VPN client
  • Improves the reliability of connecting to a Personal Hotspot via Wi-Fi

For detailed information about the security content of this update, see Apple Security Updates.

 


OS X El Capitan v10.11.3


The OS X El Capitan v10.11.3 Update is recommended for all OS X El Capitan users.

 


 

The OS X El Capitan v10.11.3 Update improves the stability, compatibility, and security of your Mac, and is recommended for all users.

OS X El Capitan v10.11.3 update : Fixes an issue that may prevent some Mac computers from waking from sleep when connected to certain 4K displays.

Enterprise content : Third-party .pkg file receipts stored in /var/db/receipts are now retained when upgrading from OS X Yosemite.

Security Updates (OS X El Capitan 10.11.3 and Security Update 2016-001) :

 

AppleGraphicsPowerManagement

 

  • Available for: OS X El Capitan v10.11 to v10.11.2
  • Impact: A local user may be able to execute arbitrary code with kernel privileges.
  • Description: A memory corruption issue was addressed through improved memory handling.
  • CVE-2016-1716 : moony li of Trend Micro and Liang Chen and Sen Nie of KeenLab, Tencent.

 

Disk Images

 

  • Available for: OS X El Capitan v10.11 to v10.11.2.
  • Impact: A local user may be able to execute arbitrary code with kernel privileges.
  • Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.
  • CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team.

 

IOAcceleratorFamily

 

  • Available for: OS X El Capitan v10.11.0 to v10.11.2.
  • Impact: A local user may be able to execute arbitrary code with kernel privileges.
  • Description: A memory corruption issue was addressed through improved memory handling.
  • CVE-2016-1718 : Juwei Lin of Trend Micro working with HP’s Zero Day Initiative.

 

IOHIDFamily

 

  • Available for: OS X El Capitan v10.11 to v10.11.2.
  • Impact: A local user may be able to execute arbitrary code with kernel privileges.
  • Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling.
  • CVE-2016-1719 : Ian Beer of Google Project Zero.

 

IOKit

 

  • Available for: OS X El Capitan v10.11 to v10.11.2.
  • Impact: A local user may be able to execute arbitrary code with kernel privileges.
  • Description: A memory corruption issue was addressed through improved memory handling.
  • CVE-2016-1720 : Ian Beer of Google Project Zero.

 

Kernel

 

  • Available for: OS X El Capitan v10.11 to v10.11.2.
  • Impact: A local user may be able to execute arbitrary code with kernel privileges.
  • Description: A memory corruption issue was addressed through improved memory handling.
  • CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro.

 

libxslt

 

  • Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2.
  • Impact: Visiting a maliciously crafted website may lead to arbitrary code execution.
  • Description: A type confusion issue existed in libxslt. This issue was addressed through improved memory handling.
  • CVE-2015-7995 : puzzor.

 

OSA Scripts

 

  • Available for: OS X El Capitan v10.11 to v10.11.2.
  • Impact: A quarantined application may be able to override OSA script libraries installed by the user.
  • Description: An issue existed when searching for scripting libraries. This issue was addressed through improved search order and quarantine checks.
  • CVE-2016-1729 : an anonymous researcher.

 

syslog

 

  • Available for: OS X El Capitan v10.11 to v10.11.2.
  • Impact: A local user may be able to execute arbitrary code with root privileges.
  • Description: A memory corruption issue was addressed through improved memory handling.
  • CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs.

 


OS X Yosemite 10.10.5 Combo Update

The OS X Yosemite 10.10.5 update improves the stability, compatibility, and security of your Mac, and is recommended for all users.

 


 

This update:

 

  • Improves compatibility with certain email servers when using Mail
  • Fixes an issue in Photos that prevented importing videos from GoPro cameras
  • Fixes an issue in QuickTime Player that prevented playback of Windows Media files



For detailed information about the security content of this update, please visit:

http://support.apple.com/kb/HT201222

 

For more detailed information about this update, please visit:

http://support.apple.com/kb/HT205004.

 

Security Content

For detailed information about the security content of this update, see Apple security updates. See the http://support.apple.com/kb/HT5044 article for details on how to verify the authenticity of this download.
