This document describes the security content of macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Stay Up to Date with the Latest macOS Sierra 10.12.5 Update for the Mac The latest update in Apple's desktop software lineup has finally arrived. MacOS Sierra 10.12.5 is immediately available for. Apple has officially released macOS 10.12.5 Sierra (Build 16F73) update for Mac devices with iCloud 6.2.1 and iTunes 12.6.1 software updates as well. So if you have not yet installed the latest macOS 10.12.5 Update on your computer or laptop, then you must install now to experience all new features, functions, improvements, performance, bugs fixes, and security enhancements.
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
For more information about security, see the Apple Product Security page. You can encrypt communications with Apple using the Apple Product Security PGP Key.
Apple security documents reference vulnerabilities by CVE-ID when possible.
macOS Sierra 10.12.6, Security Update 2017-003 El Capitan, and Security Update 2017-003 Yosemite
Released July 19, 2017
afclip
Available for: macOS Sierra 10.12.5
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-7016: riusksk (泉哥) of Tencent Security Platform Department
afclip
Available for: macOS Sierra 10.12.5
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7033: riusksk (泉哥) of Tencent Security Platform Department
AppleGraphicsControl
Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13853: shrek_wzw from Qihoo 360 NirvanTeam
Entry added November 2, 2017
AppleGraphicsPowerManagement
Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7021: sss and Axis of Qihoo 360 Nirvan Team
Mac Os 10.12 Download Dmg
Audio
Available for: macOS Sierra 10.12.5
Impact: Processing a maliciously crafted audio file may disclose restricted memory
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7015: riusksk (泉哥) of Tencent Security Platform Department
Bluetooth
Available for: macOS Sierra 10.12.5
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7050: Min (Spark) Zheng of Alibaba Inc.
CVE-2017-7051: Alex Plaskett of MWR InfoSecurity
Bluetooth
Os X Sierra Dmg
Available for: macOS Sierra 10.12.5
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7054: Alex Plaskett of MWR InfoSecurity, Lufeng Li of Qihoo 360 Vulcan Team
Contacts
Available for: macOS Sierra 10.12.5
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed through improved memory handling.
CVE-2017-7062: Shashank (@cyberboyIndia)
CoreAudio
Available for: macOS Sierra 10.12.5
Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved bounds checking.
CVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team
curl
Available for: macOS Sierra 10.12.5
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to version 7.54.0.
CVE-2016-9586
CVE-2016-9594
CVE-2017-2629
CVE-2017-7468
Foundation
Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: Processing a maliciously crafted file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-7031: HappilyCoded (ant4g0nist and r3dsm0k3)
Font Importer
Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-13850: John Villamil, Doyensec
Entry added October 31, 2017
Intel Graphics Driver
Available for: macOS Sierra 10.12.5
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7014: Lee of Minionz, Axis and sss of Qihoo 360 Nirvan Team
CVE-2017-7017: chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室)
CVE-2017-7035: shrek_wzw of Qihoo 360 Nirvan Team
CVE-2017-7044: shrek_wzw of Qihoo 360 Nirvan Team
Intel Graphics Driver
Available for: macOS Sierra 10.12.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-7036: shrek_wzw of Qihoo 360 Nirvan Team
CVE-2017-7045: shrek_wzw of Qihoo 360 Nirvan Team
IOUSBFamily
Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team
Kernel
Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7022: an anonymous researcher
CVE-2017-7024: an anonymous researcher
Kernel
Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7023: an anonymous researcher
Kernel
Available for: macOS Sierra 10.12.5
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7025: an anonymous researcher
CVE-2017-7027: an anonymous researcher
CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team
Kernel
Available for: macOS Sierra 10.12.5
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7026: an anonymous researcher
Kernel
Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-7028: an anonymous researcher
CVE-2017-7029: an anonymous researcher
Kernel
Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-7067: shrek_wzw of Qihoo 360 Nirvan Team
kext tools
Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7032: Axis and sss of Qihoo 360 Nirvan Team
libarchive
Available for: macOS Sierra 10.12.5
Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
Description: A buffer overflow was addressed through improved bounds checking.
CVE-2017-7068: found by OSS-Fuzz
libxml2
Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
Description: An out-of-bounds read was addressed through improved bounds checking.
CVE-2017-7010: Apple
CVE-2017-7013: found by OSS-Fuzz
libxpc
Available for: macOS Sierra 10.12.5 and OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7047: Ian Beer of Google Project Zero
Wi-Fi
Available for: macOS Sierra 10.12.5
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7065: Gal Beniamini of Google Project Zero
Entry added September 25, 2017
Wi-Fi
Available for: macOS Sierra 10.12.5
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence
macOS Sierra 10.12.6, Security Update 2017-003 El Capitan, and Security Update 2017-003 Yosemite includes the security content of Safari 10.1.2.
Additional recognition
.png/revision/latest/scale-to-width-down/2000?cb=20190315041924 "Apple macos sierra 10.12.5 complete download")
curl
We would like to acknowledge Dave Murdock of Tangerine Element for their assistance.
Download macOS Sierra 10.12.5 free latest standalone offline bootable DMG image. Apple macOS Sierra 10.12 is a complete and stable macOS release with various fixes and enhancements.
macOS Sierra 10.12.5 Review
The macOS Sierra specifically focuses on the performance, compatibility, stability and the security of Mac with numerous enhancements. It comes packed with different new features and various enhancements to provide the best Mac operating system. A sleek user interface with the support for all the latest devices and better compatibility features. Also, it efficiently consumes the system resources and performs all the operations without slowing down your Mac computer.
This release includes various fixes for audio stuttering when using USB headphones. Better Mac App Store compatibility with all the latest updates. Moreover, it also adds support for installing Windows 10 Creators Update. In addition, it adds support for camera RAW formats along with various Photos enhancements. Also, this release fixes a date issue for education and enterprise customers. Potential Kernel Panic prevention at the time of starting up with a NetInstall image and much more to provide a stable environment for all.
Features of macOS Sierra 10.12.5
- Intelligent OS with various enhancements
- Data synchronization and cloud features
- FaceTime, Siri, and iCloud enhancements
- Chinese trackpad and keyboard support
- Easy switching between the iDevices
- Fixes audio issues of USB devices
- Support for installing Windows 10 Creators update
- New Safari extensions and much more
Technical Details of macOS Sierra 10.12.5
- File Name: macOS_Sierra_12.5.dmg
- File Size: 4.6 GB
- Developer: Apple
System Requirements for macOS Sierra 10.12.5
- 8 GB free HDD
- 2GB RAM
- Core 2 Duo Intel Processor
macOS Sierra 10.12.5 Free Download
Download macOS Sierra 10.12.5 free latest version standalone offline DMG image setup by clicking the below button. It is a complete operating system providing a wide range of new features and enhancements. You can also download MacOS High Sierra 10.13.3