Apple fixes leaks in mac Os High Sierra with 10.13.2 Update

Pius Serugo

Pius Serugo

, Technology

Apple has released the macOS High Sierra 10.13.2 as an update for all its compatible Mac machines. The update does not include any new features but has a number of stability and security improvements for nearly two dozen vulnerabilities.

The update comes a week later following Apple’s move to kick out an emergency for a glaring hole in macOS that allowed anyone with access to a Mac (either in person or remote) to bypass the login screen and act as a root account.

The update has been made available for all Mac machines starting from 2009 that are eligible for macOS High Sierra.

According to Shaun Nicholas, a Technology writer based in San Francisco, the patched flaws could potentially allow code execution with system privileges if targeted. Those flaws, which can be targeted by installed applications, include two code execution vulnerabilities and six bugs that allow applications to read restricted memory sections.

The macOS Screen Sharing Server has a bug that will be reminiscent of last week’s ‘IAmRoot’ fiasco. That flaw, CVE-2017-13826, discovered by Toronto researcher Trevor Jacques, would let anyone with screen sharing access to a Mac to operate with root privileges, all as a result of an error in the permissions handling.

The Intel Graphics Driver used by the Mac was the subject of three vulnerabilities, two of them found by Ian Beer of Google Project Zero. They include two arbitrary code execution bugs (CVE-2017-13883, CVE-2017-13875) and one (CVE-2017-13878) that could allow an attacker to crash the system or read kernel memory contents.

In the macOS Mail app, a bug (CVE-2017-13871) could cause some S/MIME encrypted messages to be sent out unencrypted, and a flaw in Mail Drafts (CVE-2017-13860) could allow for messages to be intercepted and read.

Those using older versions of macOS will get a separate update known as Security Update 2017-002 on Sierra and 2017-005 El Capitan. iTunes on Windows will also get an update.

Those who own multiple pieces of Apple-branded kit will find themselves with something of a backlog in patches. Earlier this week, Apple released an update for iOS that included security and stability fixes, followed by patches for tvOS and watchOS.

 

Views: 1,803
  • 76
  •  
  •  
  •  
  •  
  •  

Comments

comments

Tags

, ,

Category

Technology

Date

You May Also Like

Why Buy an expensive Phone time in time out?

Why your BIC pen has a hole in its lid

LG Rolls Up Display With A 65-Inch OLED TV

Facebook lets people know when their pictures pop up

How can we successfully introduce technology to our children?

HMD Global to Launch Nokia 9 and 8 Early Next Year.

More Posts From: Technology

Uganda’s fading dream for electric train

Israeli Company Creates Backpack with Bulletproof Vest

MPs concerned over high power tariffs

Zuckerberg Says Facebook 'Better Prepared' for Election Meddling

US Imposes Sanctions on N. Korean IT Firms

Updated Apple System Takes on Smartphone Addiction