Number: AV16-147
Date: 21 September 2016
Purpose
The purpose of this advisory is to bring attention to multiple Apple system security updates for iCloud for Windows, macOS Server, Safari and macOS Sierra.
Assessment
Apple has released the following support articles:
HT207147 - iCloud for Windows 6.0 (Windows 7 and later)
HT207171 - macOS Server 5.2 (macOS Sierra 10.12)
HT207157 - Safari 10 (OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12)
HT207170 - macOS Sierra 10.12 (OS X El Capitan v10.11.6)
Details: These updates address multiple vulnerabilities, including arbitrary remote code execution, cross-site scripting and proxy traffic through an arbitrary server.
Multiple CVEs are referenced; please refer to Apple's advisory for specific details.
Suggested action
CCIRC recommends that owner/operators test and deploy the vendor released updates or workarounds to affected platforms referred to in Apple Support Articles HT207147, HT207171, HT207157, and HT207170.
References
https://support.apple.com/kb/HT207147
https://support.apple.com/kb/HT207171
https://support.apple.com/kb/HT207157
https://support.apple.com/kb/HT207170