APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001

Fabricante: Apple
Fecha: 20/01/2016
Identificador: APPLE-SA-2016-01-19-2
APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001 OS X El Capitan 10.11.3 and Security Update 2016-001 is now available and addresses the following: AppleGraphicsPowerManagement Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1716 : moony li of Trend Micro and Liang Chen and Sen Nie of KeenLab, Tencent Disk Images Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team IOAcceleratorFamily Available for: OS X El Capitan v10.11.0 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1718 : Juwei Lin Trend Micro working with HP's Zero Day Initiative IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1719 : Ian Beer of Google Project Zero IOKit Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1720 : Ian Beer of Google Project Zero Kernel Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A type confusion issue existed in libxslt. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7995 : puzzor OSA Scripts Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A quarantined application may be able to override OSA script libraries installed by the user Description: An issue existed when searching for scripting libraries. This issue was addressed through improved search order and quarantine checks. CVE-ID CVE-2016-1729 : an anonymous researcher syslog Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with root privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWnsHdAAoJEBcWfLTuOo7tj/0P/2uG1QyMoIxPwzrtA178gig5 G1ozPA98X+6X+wd2ocVDUjROhKB+nySUuQvMr/LZY1ZyOE+zZlyv60EYefSwX9Qn ASQfdHU73eu1cfViQOrACb5CvyCv8xQ3xEs5Z8Ruw4AaLKM5ICSaFRZKPb6VLVJ8 S4l5fYY+su5LBqM61AxQi9WlHNsy0IUARj1dz67/Q45eJat9gkzUX5Xwuya5KbMu At2nyrzJQZhPmCl4uARglipbRE4r/jVC0Hmq8pM6rjRusO80cx6HsbUm0jIKe/xu QRN5IMrhyp4YnYwujFIN7sknsAQYdGjoq250KFe9lWeq4HhA+JI3pqCRfPY0uqo4 tL9TBmusv6xw5WgjomobCV8hEq3zmPwNyfBDgAot/mdUMOuam3qpyEeWpSATgfUj esgWZTPR5AAGd/dxk82Kz7PoHLDKf7lTtBbE8MRYFGaVZVZUiOjjbusYWbbikkhH Tr1Hy0kCJ3YLWpO/6G6z5sZXdXKTMf/o/PqnoRAwxXIr6PnfcPdpf0N+/cdQaqmv aoPNKPrCGAu3vlBHFrpP4FJgR6piZW/X30hh4DzqpGVNulUEI9USyIYsjB4M5IN7 pYUclIqpiLfXwi02uleVaetDuyPRCTY0vKOpMYVXG838aqZzpXyDRzyiPwLDMbK9 bb0aaqIVGEjM+xgCQ1db =CR2n -----END PGP SIGNATURE-----