Apple Security updates May 2017 fixed 141 vulnerabilities across multiple products including macOS Sierra, iOS, watchOS, tvOS, iCloud, Safari, and iTunes. However, most of the vulnerabilities exist in some instances with root privileges (41 in iOS 41, 37 in macOS Sierra, 23 in tvOS, and 12 in watchOS) and could lead to arbitrary code execution. A reliable vulnerability management tool can prevent these attacks.
Apple Security updates May 2017 also fixed 26 vulnerabilities in the Safari browser, which could lead to arbitrary code execution. Moreover, the rest of the vulnerabilities could lead to universal cross-site scripting, the exfiltration of data cross-origin, application termination, and spoofing. However, Out of 26, 23 vulnerabilities exist in the WebKit web browser engine. A patch management solution can mitigate these vulnerabilities.
Apple also fixed arbitrary code execution vulnerabilities in iCloud and iTunes for Windows.
macOS Sierra Security Update (HT207797):
Affected Platforms: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Affected Components: This update finally fixes the vulnerabilities 802.1X, Accessibility Framework, CoreAnimation, CoreAudio, DiskArbitration, HFS, IOGraphics, IOSurface, Intel Graphics Driver, Kernel, Multi-Touch, NVIDIA Graphics Drivers, SQLite, Sandbox, Security, Speech Framework, TextInput, WindowServer, and iBooks.
Vulnerability Details: Also, multiple vulnerabilities like buffer overflow, memory consumption, memory corruption, race condition, use after free, validation issue, access issues and URL handling issues exists in the above software.
Impact: These above vulnerabilities may lead to the execution of arbitrary code, opening arbitrary websites without user permission, escape its sandbox, gain kernel/system privileges and read restricted memory.
Assigned CVE’s: CVE-2017-2494, CVE-2017-2497, CVE-2017-2501, CVE-2017-2502, CVE-2017-2503, CVE-2017-2507, CVE-2017-2509, CVE-2017-2512, CVE-2017-2513, CVE-2017-2516, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2524, CVE-2017-2527, CVE-2017-2533, CVE-2017-2534, CVE-2017-2535, CVE-2017-2537, CVE-2017-2540, CVE-2017-2541, CVE-2017-2542, CVE-2017-2543, CVE-2017-2545, CVE-2017-2546, CVE-2017-2548, CVE-2017-6977, CVE-2017-6978, CVE-2017-6979, CVE-2017-6981, CVE-2017-6983, CVE-2017-6985, CVE-2017-6986, CVE-2017-6987, CVE-2017-6988, CVE-2017-6990, CVE-2017-6991
iOS Security Update (HT207798):
Affected platforms: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Affected components: AVEVideoEncoder, CoreAudio, IOSurface, Kernel, Notifications, SQLite, Safari, Security, TextInput, WebKit, WebKit Web Inspector, and iBooks.
Vulnerability details: Multiple vulnerabilities like, URL handling, buffer overflow, A logic issue existed, memory corruption, race condition, use after free, validation issue and denial of service exists in the above components.
Impact: The above vulnerabilities may lead to the execution of arbitrary code, opening arbitrary websites without user permission, escape its sandbox, gain kernel/system privileges and read restricted memory.
Assigned CVE’s:CVE-2017-2495, CVE-2017-2496, CVE-2017-2497, CVE-2017-2498, CVE-2017-2499, CVE-2017-2501, CVE-2017-2502, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2507, CVE-2017-2508, CVE-2017-2510, CVE-2017-2513, CVE-2017-2514, CVE-2017-2515, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2521, CVE-2017-2524, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2538, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6979, CVE-2017-6980, CVE-2017-6981, CVE-2017-6982, CVE-2017-6983, CVE-2017-6984, CVE-2017-6987, CVE-2017-6989, CVE-2017-6991
watchOS Security Update (HT207800):
Affected platforms: All Apple Watch models
Affected components: CoreAudio, IOSurface, Kernel, SQLite, TextInput, and WebKit.
Vulnerability details: Multiple buffer overflow, memory corruption, race condition, use after free, validation vulnerabilities exists in the above components.
Impact: The above vulnerabilities may lead to the execution of arbitrary code, gain kernel privileges, and read restricted memory area.
Assigned CVE’s: CVE-2017-2501, CVE-2017-2502, CVE-2017-2507, CVE-2017-2513, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2521, CVE-2017-2524, CVE-2017-6979, CVE-2017-6987, CVE-2017-6989
tvOS Security Update (HT207801):
Affected platforms: Apple TV (4th generation)
Affected components: AVEVideoEncoder, CoreAudio, IOSurface, Kernel, SQLite, TextInput, WebKit and WebKit Web Inspector.
Vulnerability details: Multiple flaws like memory corruption, validation issue, race condition, use after free and buffer overflow exists in Apple TV.
Impact: The above vulnerabilities may lead to the execution of arbitrary code, gain kernel privileges, and read restricted memory area.
Assigned CVE’s: CVE-2017-2501, CVE-2017-2502, CVE-2017-2507, CVE-2017-2513, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2521, CVE-2017-2524, CVE-2017-6979, CVE-2017-6987, CVE-2017-6989
iCloud Security Update (HT207803):
Affected platforms: Windows 7 and later
Affected components: WebKit
Vulnerability details: Multiple memory corruption vulnerabilities exists while memory handling.
Impact: The memory corruption vulnerabilities may lead to the execution of arbitrary code.
Assigned CVE: CVE-2017-2530
Safari Security Update (HT207804):
Affected platforms: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5
Affected components: Safari, WebKit, and WebKit Web Inspector.
Vulnerability details: Multiple flaws like memory corruption, logic issue, and inconsistent user interface exist in Safari, WebKit, and WebKit Web Inspector.
Impact: The above vulnerabilities may lead to the execution of arbitrary code and to cause denial of service.
Assigned CVE’s: CVE-2017-2495, CVE-2017-2496, CVE-2017-2499, CVE-2017-2500, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2511, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2538, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984
iTunes Security Update (HT207805):
Affected platforms: iTunes 12.6.1 for Windows
Affected components: WebKit
Vulnerability details: Multiple memory corruption vulnerabilities exists while memory handling.
Impact: The memory corruption vulnerabilities may lead to the execution of arbitrary code.
Assigned CVE: CVE-2017-6984
SecPod SanerNow detects these vulnerabilities and hence, automatically fixes it by applying security updates. Therefore, Download Saner now and keep your systems updated and secure.