Apple security updates

Number: AV17-152
Date: 11 October 2017

Purpose

The purpose of this advisory is to bring attention to multiple Apple security updates for macOS High Sierra 10.13.

Assessment

Apple has released a support article regarding security vulnerabilities in their products and the relevant macOS High Sierra update.

StorageKit: A local attacker may gain access to an encrypted APFS volume
macOS Security : A malicious application can extract keychain passwords

CVE References: CVE-2017-7149, CVE-2017-7150

Suggested Action

CCIRC recommends that owner/operators test and deploy the vendor released updates to the affected platforms in accordance with their risk mitigation framework.

References:

https://support.apple.com/en-us/HT208165
https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7149
https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7150

Date modified:: 2018-09-26

Language selection

Search

Purpose

Assessment

Suggested Action

Note to readers

Apple security updates

Purpose

Assessment

Suggested Action