Updates for MAC including recent Zero Day - Are you caught up?
It's December; let's not forget about the MAC community and the recent updates available for the MAC OS.
Since the release of macOS Sierra 10.12.1, Security Update 2016-002 El Capitan, and Security Update 2016-006 Yosemite on the 24th of October 2016, there have been a number of updates to both Apple and 3rd-party products.
Here are some highlights to consider and possible updates you may want to verify you have.
November 30th - Zero Day Critical update CVE-2016-9079 for a use-after-free vulnerability in SVG Animation in Mozilla Firefox, Firefox ESR, and Thunderbird allowing
attackers to execute arbitrary malicious code on a target machine.
Although there have only been documented active exploits on computers running Windows, the vulnerability is present in the Mac OS X version of the browser.
November 29th - Update CVE-2016-4780 for a null pointer de-reference issue in macOS Sierra 10.12 Thunderbolt allowing applications to execute arbitrary code with kernel privileges. This update includes improved input validation.
November 27th - 2 Updates for macOS Sierra 10.12:
-
AppleMobileFileIntegrity had a validation issue where a signed executable could substitute code with the same team ID. Update CVE-2016-7584 added additional validation.
-
FontParser had a buffer overflow in the handling of font files where a maliciously crafted font file could lead to arbitrary code execution. Update CVE-2016-4688 added improved bounds checking.
November 14th - Update CVE-2016-7580 for an issue in macOS Sierra 10.12 Mail where a malicious website could cause a denial of service. This update includes improved URL handling.
November 8th - Critical update APSB16-37 for Adobe Flash Player. This update contains 9 different CVEs to address a vulnerability that could allow malicious native code to execute without a user being aware.