Security Update 2016-001 Yosemite

maxim

Activo
Importante actualización de seguridad que tapa en Yosemite los mismos parches que en El Capitan, al fin y al cabo es el mismo sistema operativo con distinto wallpaper

Security Update 2016-001


AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 to v10.11.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1716 : moony li of Trend Micro and Liang Chen and Sen Nie of KeenLab, Tencent
Disk Images
Available for: OS X El Capitan v10.11 to v10.11.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team
IOAcceleratorFamily
Available for: OS X El Capitan v10.11.0 to v10.11.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1718 : Juwei Lin Trend Micro working with HP's Zero Day Initiative
IOHIDFamily
Available for: OS X El Capitan v10.11 to v10.11.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1719 : Ian Beer of Google Project Zero
IOKit
Available for: OS X El Capitan v10.11 to v10.11.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1720 : Ian Beer of Google Project Zero
Kernel
Available for: OS X El Capitan v10.11 to v10.11.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A type confusion issue existed in libxslt. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7995 : puzzor
OSA Scripts
Available for: OS X El Capitan v10.11 to v10.11.2
Impact: A quarantined application may be able to override OSA script libraries installed by the user
Description: An issue existed when searching for scripting libraries. This issue was addressed through improved search order and quarantine checks.
CVE-ID
CVE-2016-1729 : an anonymous researcher
syslog
Available for: OS X El Capitan v10.11 to v10.11.2
Impact: A local user may be able to execute arbitrary code with root privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs

Safari 9.0.3


WebKit


Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.2
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.


WebKit CSS

Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.2
Impact: Websites may know if the user has visited a given link
Description: A privacy issue existed in the handling of the "a:visited button" CSS selector when evaluating the containing element's height. This was addressed through improved validation.
CVE-ID
CVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix

Más INFO
https://support.apple.com/es-es/HT205731

Descarga
http://support.apple.com/downloads/DL1856/en_US/secupd2016-001yosemite.dmg
 
Arriba