This was addressed with improved credential validation.
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials.
Not impacted: macOS Sierra 10.12.6 and earlier
This issue was addressed with improved bounds checking.
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.1
Impact: Malicious FTP servers may be able to cause the client to read out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD response parsing.
Impact: An application may be able to execute arbitrary code with elevated privileges
CVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative
CVE-2017-7151: Samuel Groß added October 18, 2018
This issue was addressed with improved handling of user information.
CVE-2017-13892: Ryan Manly of Glenbrook High School District 225
Impact: Sharing contact information may lead to unexpected data sharing
Description: An issue existed in the handling of Contact sharing.
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2017-13905: Samuel Groß added October 18, 2018
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1
Impact: Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to version 2.4.28.
This was addressed with improved state management.
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1
It should go without saying that users should update to one of the three macOS versions where this bug has received a fix.
Impact: APFS encryption keys may not be securely deleted after hibernating
Description: A logic issue existed in APFS when deleting keys during hibernation.
Veo published today a report on this flaw, and this might change in the future.
The researcher said he is not aware or does not believe that someone used this vulnerability in the wild before his disclosure.
Android maintainers said they don't plan to fix the issue because "fsck_msdos runs under a very restricted SELinux domain," and it wouldn't be able to do any damage. Veo said he reached out to other vendors but none except the Android team have responded. The fsck_msdos utility is shared by many *NIX-based operating systems, such as Linux, Android, and BSD-based systems. Surprisingly, Veo found the bug (CVE-2017-13811) while searching for bugs in Android's source code.
Other operating systems are also affected
"The vulnerability allows arbitrary code to be executed with system-level privileges, which potentially lets a malicious device (such as the mentioned flash disks or SD cards) take over the entire system when the said device is inserted into the vulnerable system," said Veo Zhang, a security researcher working on Trend Micro's mobile threats analysis team, and the one who discovered the issue.
As Veo explains, the bug is caused by a piece of code that fails to increase the value of a variable, resulting in a "-1" value that causes a memory corruption.
Attackers can create malicious USB thumb drives that cause this memory corruption on purpose and use it to execute malicious code on macOS devices just by plugging the USB into one of the Mac's ports.
Because fsck_msdos reads the USB automatically, the malicious code runs without user interaction within the context of the fsck_msdos tool, which is SYSTEM-level, because fsck_msdos is a system utility. This tool runs automatically whenever users connect a FAT-formatted USB or SD storage device to their Mac. The vulnerability affects fsck_msdos, a system tool that Apple included in macOS to check and fix errors in storage devices formatted with the FAT filesystem. Details have emerged about one of the vulnerabilities patched by Apple in macOS on October 31, with the release of macOS High Sierra 10.13.1, Sierra 10.12.6, and El Capitan 10.11.6.