Apple Security Advisory 2017-01-23-2 - macOS 10.12.3 is now available and addresses suffers from code execution and various other security vulnerabilities.
4c40e5dbd35093797941e97f507065322698c00b5f58f1d348c313103335398b
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-2 macOS 10.12.3
macOS 10.12.3 is now available and addresses the following:
apache_mod_php
Available for: macOS Sierra 10.12.2
Impact: Multiple issues in PHP
Description: Multiple issues were addressed by updating to PHP
version 5.6.28.
CVE-2016-8670
CVE-2016-9933
CVE-2016-9934
Bluetooth
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2353: Ian Beer of Google Project Zero
Graphics Drivers
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2358: Team Pangu and lokihardt at PwnFest 2016
Help Viewer
Available for: macOS Sierra 10.12.2
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A cross-site scripting issue was addressed through
improved URL validation.
CVE-2017-2361: lokihardt of Google Project Zero
IOAudioFamily
Available for: macOS Sierra 10.12.2
Impact: An application may be able to determine kernel memory layout
Description: An uninitialized memory issue was addressed through
improved memory management.
CVE-2017-2357: Team Pangu and lokihardt at PwnFest 2016
Kernel
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: macOS Sierra 10.12.2
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
Vim
Available for: macOS Sierra 10.12.2
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An input validation issue existed in modelines. This was
addressed through improved input validation.
CVE-2016-1248: Florian Larysch
WebKit
Available for: macOS Sierra 10.12.2
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
This was addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero
macOS 10.12.3 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGymIQAMx3h6pTb1SLTCY4H4hUwQf2
tBd4osjrM7eX9kDBJXw9U3S5STs7Qyaiqjc+E3XvGXaeYQhZHurNEy+4HEaS2ctQ
toj0S/meE1bhJ79SKnRuEso0dG2coYAMY4CMWZpF5haEPISunMDrmitIDX6BU8ds
LhIvflT044wXzFsPbUfIMqG1a+1SHGoM3K0J61U6NU7dCSwyYmSGKH/0CTLuezy9
HOiPQJxvWVmfKVBZsYcaBp67AI5948LHdvat3gRq9WpgWpjUFjW/tLSbvZObaIjn
+I3JkVZ9ETuXa+ig42h+CJTz/CozqlC1OpX1YLJLMh4h5+kY9PNwh1kcsv+8jKxo
cbPNatn2uzoigRTWuhCe4Tic6kgri+3c8qR+ZPspNpUyLmentjpbygrkOKVLlNnG
HmV0YIWA+zp4TVgeMnqoEPTHF9kxxhBSPOjgyL2oYwpMHyXb2gmho7Xl9gQirw5T
Nyaoup4A7eT9jR5FBcAvhPPm5I+J44qEKB/D9hvWcQLGf1PR9/zxVd5QxlJZgm9u
loqWBNhPAqD36SPIOsIbkcjAaBKsrEAV01AizkMrhrN1KySscXeZeZ84p4nJusdD
M7bFysYMv7fvNe65V4I2Tc2iujqiPHsXdLRioAWSk7giNRggQtaM8s/C0KYtrJdK
ykSG8JpyNuTNAl1HJtv6
=pBIh
-----END PGP SIGNATURE-----