-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite

macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite are now available and address the following:

apache
Available for: macOS Sierra 10.12.3
Impact: A remote attacker may be able to cause a denial of service
Description: Multiple issues existed in Apache before 2.4.25. These were addressed by updating LibreSSL to version 2.4.25.
CVE-2016-0736: an anonymous researcher
CVE-2016-2161: an anonymous researcher
CVE-2016-5387: an anonymous researcher
CVE-2016-8740: an anonymous researcher
CVE-2016-8743: an anonymous researcher

apache_mod_php
Available for: macOS Sierra 10.12.3
Impact: Multiple issues existed in PHP before 5.6.30
Description: Multiple issues existed in PHP before 5.6.30. These were addressed by updating PHP to version 5.6.30.
CVE-2016-10158
CVE-2016-10159
CVE-2016-10160
CVE-2016-10161
CVE-2016-9935

AppleGraphicsPowerManagement
Available for: macOS Sierra 10.12.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed through improved memory handling.
CVE-2017-2421: @cocoahuke

AppleRAID
Available for: macOS Sierra 10.12.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved memory management.
CVE-2017-2438: sss and Axis of 360Nirvanteam

Audio
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2430: an anonymous researcher working with Trend Micro's Zero Day Initiative
CVE-2017-2462: an anonymous researcher working with Trend Micro's Zero Day Initiative

Bluetooth
Available for: macOS Sierra 10.12.3
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2017-2420: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group

Bluetooth
Available for: macOS Sierra 10.12.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2017-2427: Axis and sss of Qihoo 360 Nirvan Team

Bluetooth
Available for: macOS Sierra 10.12.3
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved memory management.
CVE-2017-2449: sss and Axis from 360NirvanTeam

Carbon
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution
Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.
CVE-2017-2379: riusksk (泉哥) of Tencent Security Platform Department, John Villamil, Doyensec

CoreGraphics
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: An infinite recursion was addressed through improved state management.
CVE-2017-2417: riusksk (泉哥) of Tencent Security Platform Department

CoreMedia
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted .mov file may lead to arbitrary code execution
Description: A memory corruption issue existed in the handling of .mov files. This issue was addressed through improved memory management.
CVE-2017-2431: kimyok of Tencent Security Platform Department

CoreText
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2435: John Villamil, Doyensec

CoreText
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: An out-of-bounds read was addressed through improved input validation.
CVE-2017-2450: John Villamil, Doyensec

CoreText
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted text message may lead to application denial of service
Description: A resource exhaustion issue was addressed through improved input validation.
CVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher

curl
Available for: macOS Sierra 10.12.3
Impact: Maliciously crafted user input to libcurl API may allow arbitrary code execution
Description: A buffer overflow was addressed through improved bounds checking.
CVE-2016-9586: Daniel Stenberg of Mozilla

EFI
Available for: macOS Sierra 10.12.3
Impact: A malicious Thunderbolt adapter may be able to recover the FileVault 2 encryption password
Description: An issue existed in the handling of DMA. This issue was addressed by enabling VT-d in EFI.
CVE-2016-7585: Ulf Frisk (@UlfFrisk)

FinderKit
Available for: macOS Sierra 10.12.3
Impact: Permissions may unexpectedly reset when sending links
Description: A permission issue existed in the handling of the Send Link feature of iCloud Sharing. This issue was addressed through improved permission controls.
CVE-2017-2429

FontParser
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved input validation.
CVE-2017-2406: riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-2487: riusksk (泉哥) of Tencent Security Platform Department

FontParser
Available for: macOS Sierra 10.12.3
Impact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved input validation.
CVE-2017-2407: riusksk (泉哥) of Tencent Security Platform Department

FontParser
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: An out-of-bounds read was addressed through improved input validation.
CVE-2017-2439: John Villamil, Doyensec

HTTPProtocol
Available for: macOS Sierra 10.12.3
Impact: A malicious HTTP/2 server may be able to cause undefined behavior
Description: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating LibreSSL to version 1.17.0.
CVE-2017-2428

Hypervisor
Available for: macOS Sierra 10.12.3
Impact: Applications using the Hypervisor framework may unexpectedly leak the CR8 control register between guest and host
Description: An information leakage issue was addressed through improved state management.
CVE-2017-2418: Alex Fishman and Izik Eidus of Veertu Inc.

iBooks
Available for: macOS Sierra 10.12.3
Impact: Parsing a maliciously crafted iBooks file may lead to local file disclosure
Description: An information leak existed in the handling of file URLs. This issue was addressed through improved URL handling.
CVE-2017-2426: Craig Arendt of Stratum Security, Jun Kokatsu (@shhnjk)

ImageIO
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2416: Qidan He (何淇丹, @flanker_hqd) of KeenLab, Tencent

ImageIO
Available for: macOS Sierra 10.12.3, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative

ImageIO
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2467

ImageIO
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted image may lead to unexpected application termination
Description: An out-of-bounds read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7.
CVE-2016-3619

Intel Graphics Driver
Available for: macOS Sierra 10.12.3
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2443: Ian Beer of Google Project Zero

IOATAFamily
Available for: macOS Sierra 10.12.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2017-2408: Yangkang (@dnpushme) of Qihoo360 Qex Team

IOFireWireAVC
Available for: macOS Sierra 10.12.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2436: Orr A, IBM Security

IOFireWireAVC
Available for: macOS Sierra 10.12.3
Impact: A local attacker may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2437: Benjamin Gnahm (@mitp0sh) of Blue Frost Security

IOFireWireFamily
Available for: macOS Sierra 10.12.3
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through improved input validation.
CVE-2017-2388: Brandon Azad, an anonymous researcher

Kernel
Available for: macOS Sierra 10.12.3
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team
CVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team

Kernel
Available for: macOS Sierra 10.12.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation.
CVE-2017-2410: Apple

Kernel
Available for: macOS Sierra 10.12.3
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An integer overflow was addressed through improved input validation.
CVE-2017-2440: an anonymous researcher

Kernel
Available for: macOS Sierra 10.12.3
Impact: A malicious application may be able to execute arbitrary code with root privileges
Description: A race condition was addressed through improved memory handling.
CVE-2017-2456: lokihardt of Google Project Zero

Kernel
Available for: macOS Sierra 10.12.3
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved memory management.
CVE-2017-2472: Ian Beer of Google Project Zero

Kernel
Available for: macOS Sierra 10.12.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2473: Ian Beer of Google Project Zero

Kernel
Available for: macOS Sierra 10.12.3
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An off-by-one issue was addressed through improved bounds checking.
CVE-2017-2474: Ian Beer of Google Project Zero

Kernel
Available for: macOS Sierra 10.12.3
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2478: Ian Beer of Google Project Zero

Kernel
Available for: macOS Sierra 10.12.3
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow issue was addressed through improved memory handling.
CVE-2017-2482: Ian Beer of Google Project Zero
CVE-2017-2483: Ian Beer of Google Project Zero

Keyboards
Available for: macOS Sierra 10.12.3
Impact: An application may be able to execute arbitrary code
Description: A buffer overflow was addressed through improved bounds checking.
CVE-2017-2458: Shashank (@cyberboyIndia)

libarchive
Available for: macOS Sierra 10.12.3
Impact: A local attacker may be able to change file system permissions on arbitrary directories
Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.
CVE-2017-2390: Omer Medan of enSilo Ltd

libc++abi
Available for: macOS Sierra 10.12.3
Impact: Demangling a malicious C++ application may lead to arbitrary code execution
Description: A use after free issue was addressed through improved memory management.
CVE-2017-2441

LibreSSL
Available for: macOS Sierra 10.12.3, and OS X El Capitan v10.11.6
Impact: A local user may be able to leak sensitive user information
Description: A timing side channel allowed an attacker to recover keys. This issue was addressed by introducing constant time computation.
CVE-2016-7056: Cesar Pereida García and Billy Brumley (Tampere University of Technology)

MCX Client
Available for: macOS Sierra 10.12.3
Impact: Removing a configuration profile with multiple payloads may not remove Active Directory certificate trust
Description: An issue existed in profile uninstallation. This issue was addressed through improved cleanup.
CVE-2017-2402: an anonymous researcher

Menus
Available for: macOS Sierra 10.12.3
Impact: An application may be able to disclose process memory
Description: An out-of-bounds read was addressed through improved input validation.
CVE-2017-2409: Sergey Bylokhov

Multi-Touch
Available for: macOS Sierra 10.12.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2017-2422: @cocoahuke

OpenSSH
Available for: macOS Sierra 10.12.3
Impact: Multiple issues in OpenSSH
Description: Multiple issues existed in OpenSSH before version 7.4. These were addressed by updating OpenSSH to version 7.4.
CVE-2016-10009
CVE-2016-10010
CVE-2016-10011
CVE-2016-10012

OpenSSL
Available for: macOS Sierra 10.12.3
Impact: A local user may be able to leak sensitive user information
Description: A timing side channel issue was addressed by using constant time computation.
CVE-2016-7056: Cesar Pereida García and Billy Brumley (Tampere University of Technology)

Printing
Available for: macOS Sierra 10.12.3
Impact: Clicking a malicious IPP(S) link may lead to arbitrary code execution
Description: An uncontrolled format string issue was addressed through improved input validation.
CVE-2017-2403: beist of GrayHash

python
Available for: macOS Sierra 10.12.3
Impact: Processing maliciously crafted zip archives with Python may lead to arbitrary code execution
Description: A memory corruption issue existed in the handling of zip archives. This issue was addressed through improved input validation.
CVE-2016-5636

QuickTime
Available for: macOS Sierra 10.12.3
Impact: Viewing a maliciously crafted media file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in QuickTime. This issue was addressed through improved memory handling.
CVE-2017-2413: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360

Security
Available for: macOS Sierra 10.12.3
Impact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed
Description: A validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation.
CVE-2017-2423: an anonymous researcher

Security
Available for: macOS Sierra 10.12.3
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Under certain circumstances, Secure Transport failed to validate the authenticity of OTR packets. This issue was addressed by restoring missing validation steps.
CVE-2017-2448: Alex Radocea of Longterm Security, Inc.

Security
Available for: macOS Sierra 10.12.3
Impact: An application may be able to execute arbitrary code with root privileges
Description: A buffer overflow was addressed through improved bounds checking.
CVE-2017-2451: Alex Radocea of Longterm Security, Inc.

Security
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution
Description: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation.
CVE-2017-2485: Aleksandar Nikolic of Cisco Talos

SecurityFoundation
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
Description: A double free issue was addressed through improved memory management.
CVE-2017-2425: kimyok of Tencent Security Platform Department

sudo
Available for: macOS Sierra 10.12.3
Impact: A user in a group named "admin" on a network directory server may be able to unexpectedly escalate privileges using sudo
Description: An access issue existed in sudo. This issue was addressed through improved permissions checking.
CVE-2017-2381

System Integrity Protection
Available for: macOS Sierra 10.12.3
Impact: A malicious application may be able to modify protected disk locations
Description: A validation issue existed in the handling of system installation. This issue was addressed through improved handling and validation during the installation process.
CVE-2017-6974: Patrick Wardle of Synack

tcpdump
Available for: macOS Sierra 10.12.3
Impact: An attacker in a privileged network position may be able to execute arbitrary code with user assistance
Description: Multiple issues existed in tcpdump before 4.9.0. These were addressed by updating tcpdump to version 4.9.0.
CVE-2016-7922
CVE-2016-7923
CVE-2016-7924
CVE-2016-7925
CVE-2016-7926
CVE-2016-7927
CVE-2016-7928
CVE-2016-7929
CVE-2016-7930
CVE-2016-7931
CVE-2016-7932
CVE-2016-7933
CVE-2016-7934
CVE-2016-7935
CVE-2016-7936
CVE-2016-7937
CVE-2016-7938
CVE-2016-7939
CVE-2016-7940
CVE-2016-7973
CVE-2016-7974
CVE-2016-7975
CVE-2016-7983
CVE-2016-7984
CVE-2016-7985
CVE-2016-7986
CVE-2016-7992
CVE-2016-7993
CVE-2016-8574
CVE-2016-8575
CVE-2017-5202
CVE-2017-5203
CVE-2017-5204
CVE-2017-5205
CVE-2017-5341
CVE-2017-5342
CVE-2017-5482
CVE-2017-5483
CVE-2017-5484
CVE-2017-5485
CVE-2017-5486

tiffutil
Available for: macOS Sierra 10.12.3
Impact: Processing a maliciously crafted image may lead to unexpected application termination
Description: An out-of-bounds read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in AKCmds to version 4.0.7.
CVE-2016-3619
CVE-2016-9533
CVE-2016-9535
CVE-2016-9536
CVE-2016-9537
CVE-2016-9538
CVE-2016-9539
CVE-2016-9540

WebKit
Available for: macOS Sierra 10.12.3
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed through improved state management.
CVE-2017-2486: redrain of light4freedom

WebKit
Available for: macOS Sierra 10.12.3
Impact: An application may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2017-2392: Max Bazaliy of Lookout

WebKit
Available for: macOS Sierra 10.12.3
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2017-2457: lokihardt of Google Project Zero

Installation note:

macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite may be obtained from the Mac App Store or Apple's Software Downloads web site:
https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site:
https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/
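To triage an advisory like this one against a fleet (which components, which platforms, which CVE ids), it helps to have the entries in structured form. The parser below is an added example, not Apple's code; it assumes the advisory's plain-text layout (a component name, then "Available for:", "Impact:", "Description:" and CVE lines, entries separated by blank lines, long values wrapped onto following lines) and runs on a constructed excerpt of two entries taken from this page.

```python
import re
from dataclasses import dataclass, field

CVE_RE = re.compile(r"^(CVE-\d{4}-\d{4,})(?::\s*(.*))?$")  # "CVE-id[: credit]"
FIELDS = {"Available for:": "available_for", "Impact:": "impact",
          "Description:": "description"}

@dataclass
class Entry:
    component: str
    available_for: str = ""
    impact: str = ""
    description: str = ""
    cves: dict = field(default_factory=dict)  # CVE id -> credit text ("" if none)

def parse_advisory(text):
    """Split an advisory into entries: component line, field lines, CVE lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        # Blocks not shaped "<component>" / "Available for: ..." (title, notes) are skipped.
        if len(lines) < 2 or not lines[1].startswith("Available for:"):
            continue
        entry, current, last_cve = Entry(component=lines[0]), None, None
        for line in lines[1:]:
            m = CVE_RE.match(line)
            if m:
                last_cve, current = m.group(1), None
                entry.cves[last_cve] = (m.group(2) or "").strip()
                continue
            prefix = next((p for p in FIELDS if line.startswith(p)), None)
            if prefix:
                current = FIELDS[prefix]
                setattr(entry, current, line[len(prefix):].strip())
            elif current:   # wrapped continuation of a field value
                setattr(entry, current, getattr(entry, current) + " " + line)
            elif last_cve:  # wrapped continuation of a CVE credit
                entry.cves[last_cve] += " " + line
        entries.append(entry)
    return entries

def entries_for(entries, product):
    """Entries whose 'Available for' line mentions the product string."""
    return [e for e in entries if product in e.available_for]

# Constructed excerpt in the advisory's wrapped layout (two entries from this page).
SAMPLE = """\
Bluetooth
Available for: macOS Sierra 10.12.3
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2017-2420: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of
Synopsys Software Integrity Group

ImageIO
Available for: macOS Sierra 10.12.3, OS X El Capitan v10.11.6, and OS X
Yosemite v10.10.5
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2432: an anonymous researcher working with Trend Micro's Zero
Day Initiative
"""
```

Run it over the full advisory text to get one record per entry; `entries_for(entries, "El Capitan")` then lists exactly the fixes relevant to hosts still on OS X 10.11.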