Updates for MAC including recent Zero Day – Are you caught up?

updates for macOS Sierra

It’s December; let’s not forget about the MAC community and the recent updates available for the MAC OS.

Since the release of macOS Sierra 10.12.1, Security Update 2016-002 El Capitan, and Security Update 2016-006 Yosemite on the 24th of October 2016, there have been a number of updates to both Apple and 3rd-party products.

Here are some highlights to consider and possible updates you may want to verify you have.

November 30th – Zero Day Critical update CVE-2016-9079 for a use-after-free vulnerability in SVG Animation in Mozilla Firefox, Firefox ESR, and Thunderbird allowing attackers to execute arbitrary malicious code on a target machine.

Although there have only been documented active exploits on computers running Windows, the vulnerability is present in the Mac OS X version of the browser.

November 29th – Update CVE-2016-4780 for a null pointer de-reference issue in macOS Sierra 10.12 Thunderbolt allowing applications to execute arbitrary code with kernel privileges. This update includes improved input validation.

November 27th – 2 Updates for macOS Sierra 10.12:

  • AppleMobileFileIntegrity had a validation issue where a signed executable could substitute code with the same team ID. Update CVE-2016-7584 added additional validation.

  • FontParser had a buffer overflow in the handling of font files where a maliciously crafted font file could lead to arbitrary code execution. Update CVE-2016-4688 added improved bounds checking.

November 14th – Update CVE-2016-7580 for an issue in macOS Sierra 10.12 Mail where a malicious website could cause a denial of service. This update includes improved URL handling.

November 8th – Critical update APSB16-37 for Adobe Flash Player.  This update contains 9 different CVEs to address a vulnerability that could allow malicious native code to execute without a user being aware.