Apple released security updates for Mac OS X to address multiple vulnerabilities in Mac OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2.
The vulnerabilities are due to user-supplied input processing errors in multiple components of Apple Mac OS X, including AppleGraphicsPowerManagement, disk images, IOAcceleratorFamily, IOHIDFamily, IOKit, kernel, and syslog. A local attacker could exploit these vulnerabilities to trigger a memory corruption condition that the attacker could use to execute arbitrary code with kernel
privileges. An exploit could result in a complete system compromise.
This update also addressed a type confusion vulnerability in the libxslt
component of OS X that could lead to arbitrary code execution if an unauthenticated, remote attacker persuades a targeted user to visit a malicious website. In addition, this update mitigates a vulnerability in the OSA scripts component of the affected software that could allow a quarantined application to override OSA script libraries.
Apple released a security advisory at the following link: HT205731
. Apple released software updates and instructions for obtaining the updates at the following link: Software Updates
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to access local systems.
Users are advised not to visit websites or follow links that have suspicious characteristics or cannot be verified as safe.
Administrators are advised to monitor affected systems.