The Mac Security Blog

Security News

Apple Releases macOS Sierra 10.12.5 and More with Security Fixes

Posted on by

Apple Releases macOS Sierra 10.12.5 and More with Security Fixes

Apple today released software updates for all of its operating systems and Safari. As we all know, there is much more to these updates than what’s shown in the update description, so we have compiled all the important details below.

macOS Sierra 10.12.5

Available for: Any Mac running macOS Sierra 10.12.4

Listed as an update that improves the stability, compatibility, and security of your Mac, it mentions the following as being new and improved:

  • Fixes an issue where audio may stutter when played through USB headphones.
  • Enhances compatibility of the Mac App Store with future software updates.
  • Adds support for media-free installation of Windows 10 Creators Update using Boot Camp.

This update also addresses several security issues, 37 to be exact. These include:

  • 7 Kernel fixes preventing applications from reading restricted memory, gaining kernel privileges and executing arbitrary code.
  • 5 issues were fixed in several places including iBooks, Sandbox, Security and Speech Framework. These fixes will prevent applications from escaping their sandbox.
  • 3 issues that allowed an application to gain system privileges were patched.

OS X 10.11.6 El Capitan and OS X 10.10.5 Yosemite got a little love, too, with security updates.

Security Update 2017-002 El Capitan

Available for: Any Mac running OS X El Capitan v10.11.6

Listed as recommended for all users and improves the security of OS X, the update addresses issues that could allow applications to gain system or kernel privileges, read restricted memory or escape its sandbox. In total, El Capitan received 13 security fixes.

Security Update 2017-002 Yosemite

Available for: OS X Yosemite v10.10.5

Listed as recommended for all users and improves the security of OS X, the update addresses all but 2 of the same issues covered in the El Capitan security update. In total Yosemite received 11 security fixes.

For the full list of security issues addressed, have a look here. The updates can be downloaded through the App Store > Updates tab on all three OS versions. macOS Sierra users can also download a stand-alone update here. OS X El Capitan users you can get the security update here, and OS X Yosemite users can download it here.

This covered the updates available for just macOS and OS X, but there’s more.

iOS 10.3.2

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

iOS 10.3.2 is listed as an update that includes bug fixes and improves the security of your iOS device. A total of 41 security issues were addressed in this update, including:

  • 7 issues were addressed that could allow a maliciously crafted book, webpage or SQL query to cause arbitrary code execution.
  • 23 WebKit issues that could lead to arbitrary code execution and universal cross site scripting.

The full list of security issues addressed can be found here. iOS 10.3.2 can be downloaded over the air by going to Settings > General > Software Update. You can also connect your iOS device to your Mac and let iTunes do the update for you.

tvOS 10.2.1

Available for: Apple TV (4th generation)

tvOS saw 23 security issues addressed, including 7 fixes for memory corruption related issues that can lead to an application gaining kernel privileges and arbitrary code execution.

The full list of security issues addressed can be found here. The tvOS update can be downloaded directly from the Apple TV by going to Settings > System > Update Software.

watchOS 3.2.2

Available for: All Apple Watch models

A combined 12 security issues were addressed in the watchOS 3.2.2 update, focusing on application privileges and maliciously crafted data being able to execute arbitrary code.

The full list of security issues addressed in this update can be found here. watchOS 3.2.2 can be installed by connecting the watch to its charger, then on the iPhone open the Apple Watch app > My Watch tab > General > Software Update.

That’s it for the OS updates.

Safari 10.1.1

Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.5

Safari 10.1.1 is listed as an update that is recommended for all users and contains security improvements. In total, 26 security issues were addressed, 23 of which involved WebKit.

The full list of security issues addressed can be found here. The update can be downloaded by going to the App Store > Updates tab on El Capitan and Yosemite systems. For Sierra users, the update is built-in to the 10.12.5 update.

While not as extensive as the last round of security updates, we recommended that you install these updates as soon as possible. As always, make sure your Mac and iOS device are properly backed up before installing updates. If you need any help creating or fine-tuning your backup strategy, have a look at this article.

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. View all posts by Jay Vrijenhoek →