Apple fixes leaks in mac Os High Sierra with 10.13.2 Update

Pius Serugo

Pius Serugo

, Technology

Apple has released the macOS High Sierra 10.13.2 as an update for all its compatible Mac machines. The update does not include any new features but has a number of stability and security improvements for nearly two dozen vulnerabilities.

The update comes a week later following Apple’s move to kick out an emergency for a glaring hole in macOS that allowed anyone with access to a Mac (either in person or remote) to bypass the login screen and act as a root account.

The update has been made available for all Mac machines starting from 2009 that are eligible for macOS High Sierra.

According to Shaun Nicholas, a Technology writer based in San Francisco, the patched flaws could potentially allow code execution with system privileges if targeted. Those flaws, which can be targeted by installed applications, include two code execution vulnerabilities and six bugs that allow applications to read restricted memory sections.

The macOS Screen Sharing Server has a bug that will be reminiscent of last week’s ‘IAmRoot’ fiasco. That flaw, CVE-2017-13826, discovered by Toronto researcher Trevor Jacques, would let anyone with screen sharing access to a Mac to operate with root privileges, all as a result of an error in the permissions handling.

The Intel Graphics Driver used by the Mac was the subject of three vulnerabilities, two of them found by Ian Beer of Google Project Zero. They include two arbitrary code execution bugs (CVE-2017-13883, CVE-2017-13875) and one (CVE-2017-13878) that could allow an attacker to crash the system or read kernel memory contents.

In the macOS Mail app, a bug (CVE-2017-13871) could cause some S/MIME encrypted messages to be sent out unencrypted, and a flaw in Mail Drafts (CVE-2017-13860) could allow for messages to be intercepted and read.

Those using older versions of macOS will get a separate update known as Security Update 2017-002 on Sierra and 2017-005 El Capitan. iTunes on Windows will also get an update.

Those who own multiple pieces of Apple-branded kit will find themselves with something of a backlog in patches. Earlier this week, Apple released an update for iOS that included security and stability fixes, followed by patches for tvOS and watchOS.

 

Views: 2,009
  • 76
  •  
  •  
  •  
  •  
  •  

Comments

comments

Tags

, ,

Category

Technology

Date

You May Also Like

Why Buy an expensive Phone time in time out?

Why your BIC pen has a hole in its lid

LG Rolls Up Display With A 65-Inch OLED TV

Facebook lets people know when their pictures pop up

How can we successfully introduce technology to our children?

HMD Global to Launch Nokia 9 and 8 Early Next Year.

More Posts From: Technology

Nissan Chairman Faces Arrest In Japan

Facebook gets more active to root out hate speech, violent speech on platform

Tech Firm Pays Refugees in Uganda to Train AI Algorithms

Nigerian Firm Takes Blame for Routing Google Traffic Through China

How the Africa50 deal will shape Rwanda’s tech hub

Google gets tough on sexual misconduct in the workplace