Twenty Year Anniversary

Apple Security Advisory 2017-10-05-1

Apple Security Advisory 2017-10-05-1
Posted Oct 5, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-10-05-1 - macOS High Sierra 10.13 Supplemental Update is now available and addresses a password hint issue and keychain extraction vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2017-7149, CVE-2017-7150
MD5 | e45a94ded313797d31cf2f887f7abb48

Apple Security Advisory 2017-10-05-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-05-1 macOS High Sierra 10.13 Supplemental Update

macOS High Sierra 10.13 Supplemental Update is now available
and addresses the following:

StorageKit
Available for: macOS High Sierra 10.13
Impact: A local attacker may gain access to an encrypted APFS volume
Description: If a hint was set in Disk Utility when creating an APFS
encrypted volume, the password was stored as the hint. This was
addressed by clearing hint storage if the hint was the password, and
by improving the logic for storing hints.
CVE-2017-7149: Matheus Mariano of Leet Tech

Security
Available for: macOS High Sierra 10.13
Impact: A malicious application can extract keychain passwords
Description: A method existed for applications to bypass the
keychain access prompt with a synthetic click. This was addressed by
requiring the user password when prompting for keychain access.
CVE-2017-7150: Patrick Wardle of Synack

New downloads of macOS High Sierra 10.13 include the security
content of the macOS High Sierra 10.13 Supplemental Update.

Installation note:

macOS High Sierra 10.13 Supplemental Update may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZ1muIAAoJEIOj74w0bLRGK4YP/0po4Tefgarlu0uLyWAxst/6
KTtHK6sJs7wE0nsGJV1SUrKCLtuKo82mOkLJU5a7iS2qBcCLZVFr63HlG6nPDsJU
mTfEGcUoVJMLy8BvkHxuQKA9h/4dymZ+4irQZ6ZxUKWYSIBowf0p2oWmwjxKY3v1
BNRx7bLnJH3bOej2EZbwGUVUMVWxlnGTeHQwGNrSoHlWQayZy/S9mJQRFlG8UlrQ
C3EH8PxMNJKQuClP5WutREFzoY5uod4v24yFwlz1OdnyNhafprQnRUJaFlpiD0Fi
oVf4OnuPOxI1txZ+QIN3virg3/TI/uLKYFpVatrw/sBiFPPD1W3PSHTGF3LtXAVf
WFx7OQpAw/IFir2UZXMoOzMA7jrKgROn393/utbNVemoeUlr0SwG83zTsL/fmLGB
m0u2PhHgUvTkGmTrdf8DCr1RCs20Q1KahkScUT3iBFoEGP+Tqy1PTgXb+2KFGKL3
nA8r7fWu1aFRu/rLUPO+cs46Y1LSqxmgYlYE1B2W5mpO03EUyNzq3aoI68s97+UI
xka2V//xbhFTok4r08bLKK+KvNC2qan6MyMEqqp9PNsWOTtUoEw1EJTrQoQkMkjp
/qPFwGe6LDOtxWDB1LMC80Ruto3CiSbkmLN6D9XLYKQnbuJSQiioU/VWIG5EN+lC
+olewerlqcRryeVWc4IM
=Frfq
-----END PGP SIGNATURE-----



Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    11 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close