Latest Updates for macOS Sierra and more…

Early last week Apple released update 10.12.1 for macOS Sierra, Security Update 2016-002 for El Capitan, and Security Update 2016-006 for Yosemite. Updates were also released for Safari (10.0.1) and iOS (10.1.1). These updates were released just in time for an Apple-hosted Mac-centric product event.

Because 10.12.1 is the first update to macOS Sierra since its release, it includes a number of fixes for some of the most pressing issues identified in this latest operating system. Here are some of the fixes available with macOS Sierra 10.12.1:

  • An automatic smart album in Photos for Depth Effect images taken on iPhone 7 Plus
  • Improved compatibility between Microsoft Office and iCloud Desktop and Documents
  • Improved security and stability in Safari
  • Improved reliability of Auto Unlock with Apple Watch
  • Fixed issue where mail was prevented from updating when using a Microsoft Exchange account
  • Fixed issue where text was sometimes pasted incorrectly when using Universal Clipboard

macOS Sierra/El Capitan/Yosemite

macOS Sierra 10.12.1 includes fixes for 14 vulnerabilities, Security Update 2016-002 for El Capitan includes fixes for 8, and Security Update 2016-006 for Yosemite includes fixes for 5.

Many of the vulnerabilities relate to escalation of privilege, arbitrary code execution, and information disclosure. Some of the more interesting vulnerabilities include:

  • CVE-2016-4661: An application may be able to cause a denial of service.
  • CVE-2016-4675: A libxpc component vulnerability where a local application may be able to execute arbitrary code with root privileges.
  • CVE-2016-4669: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel.

These examples are noteworthy because they are often used as the starting point for exploiting a system through social engineering. Once the hacker has access, the other vulnerabilities may be useful for gaining additional access or information.

Safari 10.0.1

This update includes fixes for 4 vulnerabilities, all of which address the issue where processing malicious web content may lead to arbitrary code execution. Since these vulnerabilities involve users visiting bad websites or web ads, which may result in running malware, this update should be applied on all systems.

iOS 10.1.1

This update includes fixes for 17 vulnerabilities, one of which was just added today. These vulnerabilities span issues from arbitrary code execution to the leaking of sensitive user information.

Summary

It is highly likely that additional fixes will be added to the iOS update in the upcoming days. You can also expect to see a macOS Sierra 10.12.2 update released to the general user base real soon since the macOS Sierra 10.12.2 update is already in beta.

Sara Otremba

Sara Otremba has over 15 years of experience in Database Administration, Software Implementation, and Business Analysis. Sara came to Shavlik in 2015 from a software company where she worked for 16 years filling a variety of roles across IT, Support, Development and Product Management. Throughout the various roles, Sara was key to writing and implementing software requirements that adhered to compliance standards including PCI and SOX. Now as a Product Manager for Security with Shavlik, Sara brings a unique perspective from both the end user and the vendor point of view.