—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

APPLE-SA-2016-09-20 macOS Sierra 10.12

macOS Sierra 10.12 is now available and addresses the following:

apache
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may be able to proxy traffic through an
arbitrary server
Description: An issue existed in the handling of the HTTP_PROXY
environment variable. This issue was addressed by not setting the
HTTP_PROXY environment variable from CGI.
CVE-2016-4694 : Dominic Scheirlinck and Scott Geary of Vend

apache_mod_php
Available for: OS X El Capitan v10.11.6
Impact: Multiple issues in PHP, the most significant of which may
lead to unexpected application termination or arbitrary code
execution.
Description: Multiple issues in PHP were addressed by updating PHP to
version 5.6.24.
CVE-2016-5768 : Apple
CVE-2016-5769 : Apple
CVE-2016-5770 : Apple
CVE-2016-5771 : Apple
CVE-2016-5772 : Apple
CVE-2016-5773 : Apple
CVE-2016-6174 : Apple
CVE-2016-6288 : Apple
CVE-2016-6289 : Apple
CVE-2016-6290 : Apple
CVE-2016-6291 : Apple
CVE-2016-6292 : Apple
CVE-2016-6294 : Apple
CVE-2016-6295 : Apple
CVE-2016-6296 : Apple
CVE-2016-6297 : Apple

Apple HSSPI Support
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4697 : Qidan He(@flanker_hqd) from KeenLab working with
Trend Micro’s Zero Day Initiative

AppleEFIRuntime
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4696 : Shrek_wzw of Qihoo 360 Nirvan Team

AppleMobileFileIntegrity
Available for: OS X El Capitan v10.11.6
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698 : Pedro Vilaça

AppleUUC
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2016-4699 : Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Micro’s Zero Day Initiative
CVE-2016-4700 : Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Micro’s Zero Day Initiative

Application Firewall
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to cause a denial of service
Description: A validation issue existed in the handling of firewall
prompts. This issue was addressed through improved validation of
SO_EXECPATH.
CVE-2016-4701 : Meder Kydyraliev Google Security Team

ATS
Available for: OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4779 : riusksk of Tencent Security Platform Department

Audio
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702 : YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University

Bluetooth
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4703 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

cd9660
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to cause a system denial of service
Description: An input validation issue was addressed through improved
memory handling.
CVE-2016-4706 : Recurity Labs on behalf of BSI (German Federal Office
for Information Security)

CFNetwork
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707 : an anonymous researcher

CFNetwork
Available for: OS X El Capitan v10.11.6
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708 : Dawid Czagan of Silesia Security Lab

CommonCrypto
Available for: OS X El Capitan v10.11.6
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711 : Max Lohrmann

CoreCrypto
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712 : Gergo Koteles

CoreDisplay
Available for: OS X El Capitan v10.11.6
Impact: A user with screen sharing access may be able to view another
user’s screen
Description: A session management issue existed in the handling of
screen sharing sessions. This issue was addressed through improved
session tracking.
CVE-2016-4713 : Ruggero Alberti

curl
Available for: OS X El Capitan v10.11.6
Impact: Multiple issues in curl
Description: Multiple security issues existed in curl prior to
version 7.49.1. These issues were addressed by updating curl to
version 7.49.1.
CVE-2016-4606 : Isaac Boukris

Date & Time Pref Pane
Available for: OS X El Capitan v10.11.6
Impact: A malicious application may be able to determine a user’s
current location
Description: An issue existed in the handling of the
.GlobalPreferences file. This was addressed though improved
validation.
CVE-2016-4715 : Taiki (@Taiki__San) at ESIEA (Paris)

DiskArbitration
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An access issue existed in diskutil. This issue was
addressed through improved permissions checking.
CVE-2016-4716 : Alexander Allen of The North Carolina School of
Science and Mathematics

File Bookmark
Available for: OS X El Capitan v10.11.6
Impact: A local application may be able to cause a denial of service
Description: A resource management issue existed in the handling of
scoped bookmarks. This issue was addressed through improved file
descriptor handling.
CVE-2016-4717 : Tom Bradley of 71Squared Ltd

FontParser
Available for: OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718 : Apple

IDS – Connectivity
Available for: OS X El Capitan v10.11.6
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722 : Martin Vigo (@martin_vigo) of salesforce.com
<http://salesforce.com/>

Intel Graphics Driver
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4723 : daybreaker of Minionz

IOAcceleratorFamily
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724 : Cererdlong, Eakerqiu of Team OverSky

IOAcceleratorFamily
Available for: OS X El Capitan v10.11.6
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725 : Rodger Combs of Plex, Inc

IOAcceleratorFamily
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726 : an anonymous researcher

IOThunderboltFamily
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4727 : wmin working with Trend Micros Zero Day Initiative

Kerberos v5 PAM module
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may determine the existence of user
accounts
Description: A timing side channel allowed an attacker to determine
the existence of user accounts on a system. This issue was addressed
by introducing constant time checks.
CVE-2016-4745 : an anonymous researcher

Kernel
Available for: OS X El Capitan v10.11.6
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771 : Balazs Bucsay, Research Director of MRG Effitas

Kernel
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772 : Marc Heuse of mh-sec

Kernel
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773 : Brandon Azad
CVE-2016-4774 : Brandon Azad
CVE-2016-4776 : Brandon Azad

Kernel
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4775 : Brandon Azad

Kernel
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777 : Lufeng Li of Qihoo 360 Vulcan Team

Kernel
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778 : CESG

libarchive
Available for: OS X El Capitan v10.11.6
Impact: Multiple issues in libarchive
Description: Multiple memory corruption issues existed in libarchive.
These issues were addressed through improved input validation.
CVE-2016-4736 : Proteas of Qihoo 360 Nirvan Team

libxml2
Available for: OS X El Capitan v10.11.6
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658 : Nick Wellnhofer
CVE-2016-5131 : Nick Wellnhofer

libxslt
Available for: OS X El Capitan v10.11.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738 : Nick Wellnhofer

mDNSResponder
Available for: OS X El Capitan v10.11.6
Impact: A remote attacker may be able to view sensitive information
Description: Applications using VMnet.framework enabled a DNS proxy
listening on all network interfaces. This issue was addressed by
restricting DNS query responses to local interfaces.
CVE-2016-4739 : Magnus Skjegstad, David Scott and Anil Madhavapeddy
from Docker, Inc.

NSSecureTextField
Available for: OS X El Capitan v10.11.6
Impact: A malicious application may be able to leak a user’s
credentials
Description: A state management issue existed in NSSecureTextField,
which failed to enable Secure Input. This issue was addressed through
improved window management.
CVE-2016-4742 : Daniel Jalkut of Red Sweater Software, Rick Fillion
of AgileBits

Perl
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to bypass the taint protection
mechanism
Description: An issue existed in the parsing of environment
variables. This issue was addressed through improved validation of
environment variables.
CVE-2016-4748 : Stephane Chazelas

S2 Camera
Available for: OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750 : Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Micro’s Zero Day Initiative

Security
Available for: OS X El Capitan v10.11.6
Impact: An application using SecKeyDeriveFromPassword may leak memory
Description: A resource management issue existed in the handling of
key derivation. This issue was addressed by
adding CF_RETURNS_RETAINED to SecKeyDeriveFromPassword.
CVE-2016-4752 : Mark Rogers of PowerMapper Software

Security
Available for: OS X El Capitan v10.11.6
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753 : Mark Mentovai of Google Inc.

Terminal
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to leak sensitive user information
Description: A permissions issue existed in .bash_history and
.bash_session. This issue was addressed through improved access
restrictions.
CVE-2016-4755 : Axel Luttgens

WindowServer
Available for: OS X El Capitan v10.11.6
Impact: A local user may be able to gain root privileges
Description: A type confusion issue was addressed through improved
memory handling.
CVE-2016-4709 : an anonymous researcher
CVE-2016-4710 : an anonymous researcher

macOS Sierra 10.12 may be obtained
from the Mac App Store or Apple’s Software Downloads web site:
https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – https://gpgtools.org

iQIcBAEBCgAGBQJX4WmQAAoJEIOj74w0bLRGj6MP/29Mwf687H9bTKHADaGN2xtO
IwtwiG8tv+Dv2K+1bGQxuMbz40KdUbSYZdv7CzVR2Qrln6xqWJDn0ZJ1ZlwzxRrd
RuOtzV3ImcQetswQ6gK30UtU2O2T8uXvS6jcvAx0bCY+0vpDW8pFxxfbVYdRQ0RI
Zu6MMqo3hOhtMu2hnBR1dBI3HAjb1DSJ5UUFGv5jCA1bn4IbF5V8bESzkG1K7M2u
uHL2fI3fMT8g/csSkITD9gVgZ5qGrybtY8nn9jEvnLL2fURJ9KGZGNQUA/ie1bUF
Qj2dYkumdglP5U1XAJLiU82iRtGHQz0kpKqyHMYwFUfD8waMuOFMLrJ8bIOVLufL
tJUOMJojDQvCnnNI7iJp4vVWjZwHtg40eWJ4Khg87PqoqrVBjd90nCPz+TnlrfUx
yALeuyIIeo658x4NWKGar0ASmTVap2QeYio80EzimU7sy9D5hYG9EW+gLMBUbVrW
Zd8a02weLKRGdJuI4Jp9avG0JBazK4+WlhzYFGzr2xhZtXeGzLjX3zdhsIu0YPFr
mEaXZuEIGarQQiB/b4Astgp/z9OpuOkMgLzVwzHJ4Am+yL7yEphsSSxYdPN92mqd
ubCjrQNYPks3LajtjUexNC4x316RQADpk9nw1jJAMPCYVu9TU00dIERz8TYw2KZt
ZxoKTgBPg4/7ECqkUX6u
=B+vb
—–END PGP SIGNATURE—–

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)