Categories
macOS News security Sierra Software

Apple releases macOS 10.12.1 Sierra update

macossierra

On Monday, Apple released macOS 10.12.1, the first major update to its recently-released macOS 10.12 Sierra operating system.

The update, which weighs in around 584 megabytes, includes the following fixes and changes:

Fixes:
Adds an automatic smart album in Photos for Depth Effect images taken on iPhone 7 Plus.

Improves the compatibility of Microsoft Office when using iCloud Desktop and Documents.

Fixes an issue that may prevent Mail from updating when using a Microsoft Exchange account.

Fixes an issue that caused text to sometimes paste incorrectly when using Universal Clipboard.

Improves reliability of Auto Unlock with Apple Watch.

Improves security and stability in Safari.


Fixes an issue that may cause Mail to display unnecessary password prompts for AOL accounts.

Improves compatibility with Fujitsu’s ScanSnap scanning software.

Addresses a “Filter Failed” error when printing to some Canon printers.

Fixes an issue that may prevent Grapher files from opening.

Brings back the Safari option to “never use font sizes smaller than” for displaying fonts on webpages.

Enterprise content:
Improves reliability of System Image Utility and imagetool when creating network disk images.

Security Fixes:
AppleGraphicsControl

Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6

Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved lock state checking.

AppleSMC
Available for: macOS Sierra 10.12
Impact: A local user may be able to elevate privileges
Description: A null pointer dereference was addressed through improved locking.

ATS
Available for: macOS Sierra 10.12
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.

ATS
Available for: macOS Sierra 10.12
Impact: A local user may be able to execute arbitrary code with additional privileges
Description: A memory corruption issue was addressed through improved memory handling.

CFNetwork Proxies
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts.

CoreGraphics
Available for: macOS Sierra 10.12
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.

FaceTime
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated
Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.

FontParser
Available for: macOS Sierra 10.12
Impact: Parsing a maliciously crafted font may disclose sensitive user information
Description: An out-of-bounds read was addressed through improved bounds checking.

ImageIO
Available for: OS X El Capitan v10.11.6
Impact: Parsing a maliciously crafted PDF may lead to arbitrary code execution
Description: An out-of-bounds write was addressed through improved bounds checking.

ImageIO
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted image may result in the disclosure of process memory
Description: An out-of-bounds read issue existed in the SGI image parsing. This issue was addressed through improved bounds checking.

libarchive
Available for: macOS Sierra 10.12
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.

libxpc
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12
Impact: An application may be able to execute arbitrary code with root privileges
Description: A logic issue was addressed through additional restrictions.

ntfs
Available for: macOS Sierra 10.12
Impact: An application may be able to cause a denial of service
Description: An issue existed in the parsing of disk images. This issue was addressed through improved validation.

NVIDIA Graphics Drivers
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to cause a denial of service
Description: A memory corruption issue was addressed through improved input validation.

Security
Available for: macOS Sierra 10.12
Impact: A local attacker can observe the length of a login password when a user logs in
Description: A logging issue existed in the handling of passwords. This issue was addressed by removing password length logging.

System Boot
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12
Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation.

The update is available through macOS 10.12 Sierra’s App Store feature under the “Updates” tab.

If you’ve tried the new macOS 10.12.1 Sierra update and have any feedback to offer, let us know in the comments.