—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008

OS X El Capitan 10.11.2 and Security Update 2015-008 is now available
and addresses the following:

apache_mod_php
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.29, the most serious of which may have led to remote code
execution. These were addressed by updating PHP to version 5.5.30.
CVE-ID
CVE-2015-7803
CVE-2015-7804

AppSandbox
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox’s handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt

Bluetooth
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in the Bluetooth HCI
interface. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7108 : Ian Beer of Google Project Zero

CFNetwork HTTPProtocol
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: An attacker with a privileged network position may be able
to bypass HSTS
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and
Muneaki Nishimura (nishimunea)

Compression
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru

Configuration Profiles
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local attacker may be able to install a configuration
profile without admin privileges
Description: An issue existed when installing configuration
profiles. This issue was addressed through improved authorization
checks.
CVE-ID
CVE-2015-7062 : David Mulder of Dell Software

CoreGraphics
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team

CoreMedia Playback
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7074 : Apple
CVE-2015-7075

Disk Images
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7110 : Ian Beer of Google Project Zero

EFI
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A path validation issue existed in the kernel loader.
This was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7063 : Apple

File Bookmark
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A path validation issue existed in app scoped
bookmarks. This was addressed through improved environment
sanitization.
CVE-ID
CVE-2015-7071 : Apple

Hypervisor
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A use after free issue existed in the handling of VM
objects. This issue was addressed through improved memory management.
CVE-ID
CVE-2015-7078 : Ian Beer of Google Project Zero

iBooks
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)

ImageIO
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple

Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A null pointer dereference issue was addressed through
improved input validation.
CVE-ID
CVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and
JeongHoon Shin@A.D.D

Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in the Intel Graphics
Driver. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of
TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D

Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An out of bounds memory access issue existed in the
Intel Graphics Driver. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-7077 : Ian Beer of Google Project Zero

IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in
IOAcceleratorFamily. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7109 : Juwei Lin of TrendMicro

IOHIDFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero

IOKit SCSI
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero

IOThunderboltFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference existed in
IOThunderboltFamily’s handling of certain userclient types. This
issue was addressed through improved validation of
IOThunderboltFamily contexts.
CVE-ID
CVE-2015-7067 : Juwei Lin of TrendMicro

Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)

Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero

Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero

kext tools
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A validation issue existed during the loading of kernel
extensions. This issue was addressed through additional verification.
CVE-ID
CVE-2015-7052 : Apple

Keychain Access
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to masquerade as the
Keychain Server.
Description: An issue existed in how Keychain Access interacted with
Keychain Agent. This issue was resolved by removing legacy
functionality.
CVE-ID
CVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University
Bloomington, Xiaolong Bai of Indiana University Bloomington and
Tsinghua University, Tongxin Li of Peking University, Kai Chen of
Indiana University Bloomington and Institute of Information
Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi-
Min Hu of Tsinghua University, and Xinhui Han of Peking University

libarchive
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift

libc
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)

libexpat
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in expat
Description: Multiple vulnerabilities existed in expat version prior
to 2.1.0. These were addressed by updating expat to versions 2.1.0.
CVE-ID
CVE-2012-0876 : Vincent Danen
CVE-2012-1147 : Kurt Seifried
CVE-2012-1148 : Kurt Seifried

libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University

OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks

OpenLDAP
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A remote unauthenticated client may be able to cause a
denial of service
Description: An input validation issue existed in OpenLDAP. This
issue was addressed through improved input validation.
CVE-ID
CVE-2015-6908

OpenSSH
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in LibreSSL
Description: Multiple vulnerabilities existed in LibreSSL versions
prior to 2.1.8. These were addressed by updating LibreSSL to version
2.1.8.
CVE-ID
CVE-2015-5333
CVE-2015-5334

QuickLook
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7107

Sandbox
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple

Security
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.

Security
Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the ASN.1
decoder. These issues were addressed through improved input
validation
CVE-ID
CVE-2015-7059 : David Keeler of Mozilla
CVE-2015-7060 : Tyson Smith of Mozilla
CVE-2015-7061 : Ryan Sleevi of Google

Security
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may gain access to a user’s Keychain
items
Description: An issue existed in the validation of access control
lists for keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-7058

System Integrity Protection
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application with root privileges may be able to
execute arbitrary code with system privileges
Description: A privilege issue existed in handling union mounts.
This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7044 : MacDefender

Installation note:

Security Update 2015-008 is recommended for all users and improves the
security of OS X. After installing this update, the QuickTime 7 web
browser plug-in will no longer be enabled by default. Learn what to
do if you still need this legacy plug-in.
https://support.apple.com/en-us/HT205081

OS X El Capitan v10.11.2 includes the security content of
Safari 9.0.2: https://support.apple.com/en-us/HT205639

OS X El Capitan 10.11.2 and Security Update 2015-008 may be obtained
from the Mac App Store or Apple’s Software Downloads web site:
http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – https://gpgtools.org

iQIcBAEBCgAGBQJWZzzVAAoJEBcWfLTuOo7tQsMQAIBHD6EQQmEBqEqNqszdNS4j
PE0wrKpgJUe79i5bUVXF3e8bK41+QGQzouceIaKK/r0aizEmUFbgvKG0BFCYacjn
+XiDt0V4Itnf2VVvcjodEjVM8Os1BVl0G4tsrXfqJNJ8UmzqQfSFZZ0l+/yQW0rQ
jtGYuBIezeWJ/2aA2l5qC89KgiWjmN9YzwpBUx3+02maWIJaKKIvUZy4b7xbQ4fz
0AKMHHh8u/xoPjAIpgXEpYuXM9XILabXkex3m5fp5roBipyimto/OomSsv/CuM5g
OjMLz1ZL/dPf7yGaxSD+cTfdKJStTsm89VRWuE9MfAgWdFqjH8CpM9CT4nxX1Q8s
Ima2Vk7R+VbyOJksB2fygBtfqBmIjX+fwm52WxhW0B5HabfKMbPjoBKLGIcPsH36
Num/gxdQ+0eswLLUzzorq3Qm2ptxoY6t/ceRAm0HE497+1+YVAKETwTbQTaBZqlB
BhDfxk85wYfi7uuKJUH5NPP6j7sXrkJvMAuPJOXcY0QLhyxb96oD6yWaYGWjOGEY
Z9zphs8o57l6YW1DWjvVNbZOon05bjIrepzkq6F9Q3TzCGTRgYL5BEAlgaREIZVx
rfmFZHP3xM60SIHRKPiiADXo4dg6TvDJ6h8n+L/6OTdylxUf6bxQdoO5cmBhny1T
gvIdn3N1k8hWpmYDjxZd
=Yi/n
—–END PGP SIGNATURE—–

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)