Details of VAR-201804-1166

ID

VAR-201804-1166

CVE

CVE-2018-4166

TITLE

plural Apple Product NSURLSession Component vulnerable to arbitrary code execution in privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2018-003690

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. NSURLSession is one of the network session layer components. The following products and versions are affected: Apple iOS prior to 11.3; macOS High Sierra prior to 10.13.4; tvOS prior to 11.3; watchOS prior to 4.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-3-29-2 watchOS 4.3 watchOS 4.3 is now available and addresses the following: CoreFoundation Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4155: Samuel GroA (@5aelo) CVE-2018-4158: Samuel GroA (@5aelo) CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted string may lead to a denial of service Description: A denial of service issue was addressed through improved memory handling. CVE-2018-4142: Robin Leroy of Google Switzerland GmbH File System Events Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4167: Samuel GroA (@5aelo) Kernel Available for: All Apple Watch models Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4150: an anonymous researcher Kernel Available for: All Apple Watch models Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4104: The UK's National Cyber Security Centre (NCSC) Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4143: derrek (@derrekr6) NSURLSession Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4166: Samuel GroA (@5aelo) Quick Look Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4157: Samuel GroA (@5aelo) Security Available for: All Apple Watch models Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4144: Abraham Masri (@cheesecakeufo) System Preferences Available for: All Apple Watch models Impact: A configuration profile may incorrectly remain in effect after removal Description: An issue existed in CFPreferences. This issue was addressed through improved preferences cleanup. CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera WebKit Available for: All Apple Watch models Impact: Unexpected interaction with indexing types causing an ASSERT failure Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks. CVE-2018-4113: found by OSS-Fuzz WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to a denial of service Description: A memory corruption issue was addressed through improved input validation. CVE-2018-4146: found by OSS-Fuzz WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4114: found by OSS-Fuzz CVE-2018-4121: Natalie Silvanovich of Google Project Zero CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative WebKit Available for: All Apple Watch models Impact: A malicious website may exfiltrate data cross-origin Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation. CVE-2018-4117: an anonymous researcher, an anonymous researcher Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA// QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7 43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn /Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw +tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU= =FEXo -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2018-4166 // JVNDB: JVNDB-2018-003690 // VULHUB: VHN-134197 // PACKETSTORM: 146965 // PACKETSTORM: 146966

AFFECTED PRODUCTS

vendor:	apple	model:	tvos	scope:	lt	version:	11.3	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	4.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.3	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.3 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.3 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	4.3 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	tv	scope:	eq	version:	6.0.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	7.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	6.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	6.2	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	6.1.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	6.1.2	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	6.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	6.2.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	7.0.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	7.0.3	Trust: 0.6

sources: JVNDB: JVNDB-2018-003690 // CNNVD: CNNVD-201804-145 // NVD: CVE-2018-4166

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4166
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4166
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201804-145
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134197
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-4166
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-134197
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4166
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134197 // JVNDB: JVNDB-2018-003690 // CNNVD: CNNVD-201804-145 // NVD: CVE-2018-4166

PROBLEMTYPE DATA

problemtype:	CWE-362	Trust: 1.9
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-134197 // JVNDB: JVNDB-2018-003690 // NVD: CVE-2018-4166

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-145

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201804-145

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003690

PATCH

title:	HT208692	url:	https://support.apple.com/en-us/HT208692	Trust: 0.8
title:	HT208693	url:	https://support.apple.com/en-us/HT208693	Trust: 0.8
title:	HT208696	url:	https://support.apple.com/en-us/HT208696	Trust: 0.8
title:	HT208698	url:	https://support.apple.com/en-us/HT208698	Trust: 0.8
title:	HT208692	url:	https://support.apple.com/ja-jp/HT208692	Trust: 0.8
title:	HT208693	url:	https://support.apple.com/ja-jp/HT208693	Trust: 0.8
title:	HT208696	url:	https://support.apple.com/ja-jp/HT208696	Trust: 0.8
title:	HT208698	url:	https://support.apple.com/ja-jp/HT208698	Trust: 0.8
title:	Multiple Apple product NSURLSession Repair measures for competitive conditions	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82997	Trust: 0.6

sources: JVNDB: JVNDB-2018-003690 // CNNVD: CNNVD-201804-145

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4166	Trust: 2.7
db:	SECTRACK	id:	1040608	Trust: 1.7
db:	SECTRACK	id:	1040604	Trust: 1.7
db:	JVN	id:	JVNVU92378299	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-003690	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-145	Trust: 0.6
db:	VULHUB	id:	VHN-134197	Trust: 0.1
db:	PACKETSTORM	id:	146965	Trust: 0.1
db:	PACKETSTORM	id:	146966	Trust: 0.1

sources: VULHUB: VHN-134197 // JVNDB: JVNDB-2018-003690 // PACKETSTORM: 146965 // PACKETSTORM: 146966 // CNNVD: CNNVD-201804-145 // NVD: CVE-2018-4166

REFERENCES

url:	https://support.apple.com/ht208692	Trust: 1.7
url:	https://support.apple.com/ht208693	Trust: 1.7
url:	https://support.apple.com/ht208696	Trust: 1.7
url:	https://support.apple.com/ht208698	Trust: 1.7
url:	http://www.securitytracker.com/id/1040604	Trust: 1.7
url:	http://www.securitytracker.com/id/1040608	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4166	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4166	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92378299/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4114	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4155	Trust: 0.2
url:	https://support.apple.com/kb/ht201222	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4143	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4161	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4142	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4163	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4144	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4162	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4125	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4121	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4115	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4104	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4113	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4150	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4122	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4167	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4157	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4146	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4129	Trust: 0.2
url:	https://support.apple.com/kb/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4158	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4117	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4101	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4120	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4127	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4165	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4128	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4118	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4119	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4130	Trust: 0.1

sources: VULHUB: VHN-134197 // JVNDB: JVNDB-2018-003690 // PACKETSTORM: 146965 // PACKETSTORM: 146966 // CNNVD: CNNVD-201804-145 // NVD: CVE-2018-4166

CREDITS

Apple

Trust: 0.2

sources: PACKETSTORM: 146965 // PACKETSTORM: 146966

SOURCES

db:	VULHUB	id:	VHN-134197
db:	JVNDB	id:	JVNDB-2018-003690
db:	PACKETSTORM	id:	146965
db:	PACKETSTORM	id:	146966
db:	CNNVD	id:	CNNVD-201804-145
db:	NVD	id:	CVE-2018-4166

LAST UPDATE DATE

2024-11-23T21:21:17.839000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134197	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-003690	date:	2018-06-01T00:00:00
db:	CNNVD	id:	CNNVD-201804-145	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2018-4166	date:	2024-11-21T04:06:53.637

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134197	date:	2018-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-003690	date:	2018-06-01T00:00:00
db:	PACKETSTORM	id:	146965	date:	2018-03-30T15:52:32
db:	PACKETSTORM	id:	146966	date:	2018-03-30T15:52:53
db:	CNNVD	id:	CNNVD-201804-145	date:	2018-04-03T00:00:00
db:	NVD	id:	CVE-2018-4166	date:	2018-04-03T06:29:07.750