==================================================================== CERT-Renater Note d'Information No. 2016/VULN027 _____________________________________________________________________ DATE : 20/01/2016 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): OS X versions prior to El Capitan 10.11.3. ====================================================================== http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html _____________________________________________________________________ APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001 OS X El Capitan 10.11.3 and Security Update 2016-001 is now available and addresses the following: AppleGraphicsPowerManagement Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1716 : moony li of Trend Micro and Liang Chen and Sen Nie of KeenLab, Tencent Disk Images Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team IOAcceleratorFamily Available for: OS X El Capitan v10.11.0 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1718 : Juwei Lin Trend Micro working with HP's Zero Day Initiative IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1719 : Ian Beer of Google Project Zero IOKit Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1720 : Ian Beer of Google Project Zero Kernel Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A type confusion issue existed in libxslt. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7995 : puzzor OSA Scripts Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A quarantined application may be able to override OSA script libraries installed by the user Description: An issue existed when searching for scripting libraries. This issue was addressed through improved search order and quarantine checks. CVE-ID CVE-2016-1729 : an anonymous researcher syslog Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with root privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs ========================================================== Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================