Apple Macos High Sierra vulnerabilities

CVE-2017-13824 [HIGH] CVE-2017-13824: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13824 Component: Open Scripting Architecture Impact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling.

CVE-2016-0736 [HIGH] CVE-2016-0736: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2016-0736 Component: CVE-2016-0736

CVE-2017-13837 [HIGH] CVE-2017-13837: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13837 Component: Installer Impact: A malicious application may be able to access the FileVault unlock key Description: This issue was addressed by removing additional entitlements.

CVE-2017-9050 [HIGH] CVE-2017-9050: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-9050 Component: CVE-2017-9233 Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: A null pointer dereference was addressed with improved validation.

CVE-2017-13812 [HIGH] CVE-2017-13812: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13812 Component: Kernel Impact: A malicious application may be able to learn information about the presence and operation of other applications on the device. Description: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addres

CVE-2016-8743 [HIGH] CVE-2016-8743: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2016-8743 Component: CVE-2016-8743

CVE-2017-13843 [HIGH] CVE-2017-13843: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13843 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13820 [HIGH] CVE-2017-13820: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13820 Component: ATS Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved input validation.

CVE-2017-13838 [HIGH] CVE-2017-13838: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13838 Component: Sandbox Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-11103 [HIGH] CVE-2017-11103: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-11103 Component: Heimdal Impact: An attacker in a privileged network position may be able to impersonate a service Description: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation.

CVE-2017-7143 [MEDIUM] CVE-2017-7143: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-7143 Component: Captive Network Assistant Impact: A local user may unknowingly send a password unencrypted over the network Description: The security state of the captive portal browser was not obvious. This issue was addressed with improved visibility of the captive portal browser security state.

CVE-2017-13873 [MEDIUM] CVE-2017-13873: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13873 Component: Kernel Impact: A malicious application may be able to learn information about the presence and operation of other applications on the device. Description: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addr

CVE-2017-1000373 [MEDIUM] CVE-2017-1000373: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-1000373 Component: CVE-2017-1000373 Impact: Multiple issues in expat Description: Multiple issues were addressed by updating to version 2.2.1

CVE-2017-13851 [MEDIUM] CVE-2017-13851: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13851 Component: DesktopServices Impact: A local attacker may be able to observe unprotected user data Description: A file access issue existed with certain home folder files. This was addressed with improved access restrictions.

CVE-2017-6459 [MEDIUM] CVE-2017-6459: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-6459 Component: Mail Drafts Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.

CVE-2017-13839 [MEDIUM] CVE-2017-13839: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13839 Component: Spotlight Impact: Spotlight may display results for files not belonging to the user Description: An access issue existed in Spotlight. This issue was addressed through improved access restrictions.

CVE-2017-7074 [MEDIUM] CVE-2017-7074: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-7074 Component: AppSandbox Impact: An application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling.

CVE-2017-13823 [MEDIUM] CVE-2017-13823: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13823 Component: QuickTime Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2017-13840 [MEDIUM] CVE-2017-13840: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13840 Component: Kernel Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2017-13821 [MEDIUM] CVE-2017-13821: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13821 Component: CFString Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.