Apple Releases OS X 10.11.3 with Sleep Fix and .pkg Receipts Fix for Enterprise, 9 Security Holes

| Product News

Apple released OS X 10.11.3 Tuesday, a bug fix release. The update fixes a sleep issue specific to some 4K displays, and an Enterprise-oriented fix for .pkg file receipts. The update also includes patches for nine security flaws.

You can download the update through the Mac App Store, where it's a 661MB download. Please post your upgrade experience in the comments below.

The general patch notes:

The OS X El Capitan v10.11.3 Update improves the stability, compatibility, and security of your Mac, and is recommended for all users.

This update:

  • Fixes an issue that may prevent some Mac computers from waking from sleep when connected to certain 4K displays.

Enterprise content:

  • Third-party .pkg file receipts stored in /var/db/receipts are now retained when upgrading from OS X Yosemite.

The nine security holes plugged include several issues that allow outside attackers to take over your Mac, as well as a problem that allowed maliciously-crafted webpages to do the same. Those patch notes:

OS X El Capitan 10.11.3 and Security Update 2016-001

 

  • AppleGraphicsPowerManagement

    Available for: OS X El Capitan v10.11 to v10.11.2

    Impact: A local user may be able to execute arbitrary code with kernel privileges

    Description: A memory corruption issue was addressed through improved memory handling.

    CVE-ID

    CVE-2016-1716 : moony li of Trend Micro and Liang Chen and Sen Nie of KeenLab, Tencent

  • Disk Images

    Available for: OS X El Capitan v10.11 to v10.11.2

    Impact: A local user may be able to execute arbitrary code with kernel privileges

    Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team

  • IOAcceleratorFamily

    Available for: OS X El Capitan v10.11.0 to v10.11.2

    Impact: A local user may be able to execute arbitrary code with kernel privileges

    Description: A memory corruption issue was addressed through improved memory handling.

    CVE-ID

    CVE-2016-1718 : Juwei Lin Trend Micro working with HP's Zero Day Initiative

  • IOHIDFamily

    Available for: OS X El Capitan v10.11 to v10.11.2

    Impact: A local user may be able to execute arbitrary code with kernel privileges

    Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2016-1719 : Ian Beer of Google Project Zero

  • IOKit

    Available for: OS X El Capitan v10.11 to v10.11.2

    Impact: A local user may be able to execute arbitrary code with kernel privileges

    Description: A memory corruption issue was addressed through improved memory handling.

    CVE-ID

    CVE-2016-1720 : Ian Beer of Google Project Zero

  • Kernel

    Available for: OS X El Capitan v10.11 to v10.11.2

    Impact: A local user may be able to execute arbitrary code with kernel privileges

    Description: A memory corruption issue was addressed through improved memory handling.

    CVE-ID

    CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro

  • libxslt

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2

    Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

    Description: A type confusion issue existed in libxslt. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-7995 : puzzor

  • OSA Scripts

    Available for: OS X El Capitan v10.11 to v10.11.2

    Impact: A quarantined application may be able to override OSA script libraries installed by the user

    Description: An issue existed when searching for scripting libraries. This issue was addressed through improved search order and quarantine checks.

    CVE-ID

    CVE-2016-1729 : an anonymous researcher

  • syslog

    Available for: OS X El Capitan v10.11 to v10.11.2

    Impact: A local user may be able to execute arbitrary code with root privileges

    Description: A memory corruption issue was addressed through improved memory handling.

    CVE-ID

    CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs

OS X El Capitan 10.11.3 includes the security content of Safari 9.0.3.

Popular TMO Stories

No Comments

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account