ID

VAR-201804-1211


CVE

CVE-2018-4097


TITLE

Apple macOS Kernel component vulnerability allowing arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2018-003670

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple macOS is prone to multiple security vulnerabilities. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple for Mac computers.

APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan

macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan are now available and address the following:

Audio
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2018-4094: Mingi Cho, MinSik Shin, Seoyoung Kim, Yeongho Lee and Taekyoung Kwon of the Information Security Lab, Yonsei University

curl
Available for: macOS High Sierra 10.13.2
Impact: Multiple issues in curl
Description: An out-of-bounds read issue existed in the curl. This issue was addressed through improved bounds checking.
CVE-2017-8817: found by OSS-Fuzz

IOHIDFamily
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4098: Siguza

Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read kernel memory (Meltdown)
Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)

Kernel
Available for: macOS High Sierra 10.13.2
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed through improved memory handling.
CVE-2018-4090: Jann Horn of Google Project Zero

Kernel
Available for: macOS High Sierra 10.13.2
Impact: An application may be able to read restricted memory
Description: A race condition was addressed through improved locking.
CVE-2018-4092: an anonymous researcher

Kernel
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-2018-4082: Russ Cox of Google

Kernel
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2018-4097: Resecurity, Inc.

Kernel
Available for: macOS High Sierra 10.13.2
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2018-4093: Jann Horn of Google Project Zero

LinkPresentation
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6.2
Impact: Processing a maliciously crafted text message may lead to application denial of service
Description: A resource exhaustion issue was addressed through improved input validation.
CVE-2018-4100: Abraham Masri (@cheesecakeufo)

QuartzCore
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of web content. This issue was addressed through improved input validation.
CVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative

Sandbox
Available for: macOS High Sierra 10.13.2
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: An access issue was addressed through additional sandbox restrictions.
CVE-2018-4091: Alex Gaynor of Mozilla

Security
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6
Impact: A certificate may have name constraints applied incorrectly
Description: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed through improved trust evaluation of certificates.
CVE-2018-4086: Ian Haken of Netflix

WebKit
Available for: macOS High Sierra 10.13.2
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2018-4088: Jeonghoon Shin of Theori
CVE-2018-4089: Ivan Fratric of Google Project Zero
CVE-2018-4096: found by OSS-Fuzz

Wi-Fi
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2018-4084: Hyung Sup Lee of Minionz, You Chan Lee of Hanyang University

Installation note: macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.16

sources: NVD: CVE-2018-4097 // JVNDB: JVNDB-2018-003670 // BID: 102785 // VULHUB: VHN-134128 // VULMON: CVE-2018-4097 // PACKETSTORM: 146067

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.12.6

Trust: 1.4

vendor: apple, model: mac os x, scope: lt, version: 10.13.3

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.13.2

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.13.0

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.12.2

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.12.3

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.12.1

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.12.0

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.11.6

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.12.5

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.12.4

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.11.2

Trust: 0.6

vendor: apple, model: macos, scope: eq, version: 10.13.1

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.13.2

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.13

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.6

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.5

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.4

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.3

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.2

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.1

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11

Trust: 0.3

vendor: apple, model: security update sierra, scope: ne, version: 2018-0010

Trust: 0.3

vendor: apple, model: security update el capitan, scope: ne, version: 2018-0010

Trust: 0.3

vendor: apple, model: macos, scope: ne, version: 10.13.3

Trust: 0.3

sources: BID: 102785 // JVNDB: JVNDB-2018-003670 // CNNVD: CNNVD-201801-1095 // NVD: CVE-2018-4097

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-4097
value: HIGH

Trust: 1.0

NVD: CVE-2018-4097
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201801-1095
value: CRITICAL

Trust: 0.6

VULHUB: VHN-134128
value: HIGH

Trust: 0.1

VULMON: CVE-2018-4097
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-4097
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134128
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-4097
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134128 // VULMON: CVE-2018-4097 // JVNDB: JVNDB-2018-003670 // CNNVD: CNNVD-201801-1095 // NVD: CVE-2018-4097

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-134128 // JVNDB: JVNDB-2018-003670 // NVD: CVE-2018-4097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-1095

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201801-1095

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003670

PATCH

title: HT208465, url: https://support.apple.com/en-us/HT208465

Trust: 0.8

title: HT208465, url: https://support.apple.com/ja-jp/HT208465

Trust: 0.8

title: Apple macOS High Sierra Kernel Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78167

Trust: 0.6

title: The Register, url: https://www.theregister.co.uk/2018/01/24/apple_ios_macos_patches/

Trust: 0.2

sources: VULMON: CVE-2018-4097 // JVNDB: JVNDB-2018-003670 // CNNVD: CNNVD-201801-1095

EXTERNAL IDS

db: NVD, id: CVE-2018-4097

Trust: 3.0

db: BID, id: 102785

Trust: 2.1

db: SECTRACK, id: 1040267

Trust: 1.2

db: JVN, id: JVNVU99446427

Trust: 0.8

db: JVNDB, id: JVNDB-2018-003670

Trust: 0.8

db: CNNVD, id: CNNVD-201801-1095

Trust: 0.7

db: VULHUB, id: VHN-134128

Trust: 0.1

db: VULMON, id: CVE-2018-4097

Trust: 0.1

db: PACKETSTORM, id: 146067

Trust: 0.1

sources: VULHUB: VHN-134128 // VULMON: CVE-2018-4097 // BID: 102785 // JVNDB: JVNDB-2018-003670 // PACKETSTORM: 146067 // CNNVD: CNNVD-201801-1095 // NVD: CVE-2018-4097

REFERENCES

url:http://www.securityfocus.com/bid/102785

Trust: 1.9

url:https://support.apple.com/ht208465

Trust: 1.8

url:http://www.securitytracker.com/id/1040267

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4097

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4097

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99446427/index.html

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:https://lists.apple.com/archives/security-announce/2018/jan/msg00001.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.theregister.co.uk/2018/01/24/apple_ios_macos_patches/

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=56560

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4084

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4094

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4088

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4092

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8817

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4098

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4093

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4096

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4090

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4091

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4085

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4086

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5754

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4082

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4089

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4100

Trust: 0.1

sources: VULHUB: VHN-134128 // VULMON: CVE-2018-4097 // BID: 102785 // JVNDB: JVNDB-2018-003670 // PACKETSTORM: 146067 // CNNVD: CNNVD-201801-1095 // NVD: CVE-2018-4097

CREDITS

Siguza, Resecurity, Inc., Alex Gaynor of Mozilla, Hyung Sup Lee of Minionz, You Chan Lee of Hanyang University

Trust: 0.9

sources: BID: 102785 // CNNVD: CNNVD-201801-1095

SOURCES

db: VULHUB, id: VHN-134128
db: VULMON, id: CVE-2018-4097
db: BID, id: 102785
db: JVNDB, id: JVNDB-2018-003670
db: PACKETSTORM, id: 146067
db: CNNVD, id: CNNVD-201801-1095
db: NVD, id: CVE-2018-4097

LAST UPDATE DATE

2024-11-23T21:24:50.318000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-134128, date: 2018-04-27T00:00:00
db: VULMON, id: CVE-2018-4097, date: 2018-04-27T00:00:00
db: BID, id: 102785, date: 2018-01-23T00:00:00
db: JVNDB, id: JVNDB-2018-003670, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201801-1095, date: 2018-01-31T00:00:00
db: NVD, id: CVE-2018-4097, date: 2024-11-21T04:06:45.663

SOURCES RELEASE DATE

db: VULHUB, id: VHN-134128, date: 2018-04-03T00:00:00
db: VULMON, id: CVE-2018-4097, date: 2018-04-03T00:00:00
db: BID, id: 102785, date: 2018-01-23T00:00:00
db: JVNDB, id: JVNDB-2018-003670, date: 2018-06-01T00:00:00
db: PACKETSTORM, id: 146067, date: 2018-01-24T16:59:41
db: CNNVD, id: CNNVD-201801-1095, date: 2018-01-31T00:00:00
db: NVD, id: CVE-2018-4097, date: 2018-04-03T06:29:03.843