ID

VAR-201808-1004

CVE

CVE-2018-5383

TITLE

Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

DESCRIPTION

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Multiple Bluetooth drivers are prone to a security-bypass vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and certain unauthorized actions, which will aid in further attacks. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed and mobile devices and personal area networks in buildings. The following systems are affected: macOS prior to 10.13; macOS High Sierra prior to 11.4; iOS prior to 11.4; Android prior to Patch 2018-06-05. ========================================================================= Ubuntu Security Notice USN-4095-1 August 13, 2019 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Details: Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: linux-image-4.4.0-1054-kvm 4.4.0-1054.61 linux-image-4.4.0-1090-aws 4.4.0-1090.101 linux-image-4.4.0-1118-raspi2 4.4.0-1118.127 linux-image-4.4.0-1122-snapdragon 4.4.0-1122.128 linux-image-4.4.0-159-generic 4.4.0-159.187 linux-image-4.4.0-159-generic-lpae 4.4.0-159.187 linux-image-4.4.0-159-lowlatency 4.4.0-159.187 linux-image-4.4.0-159-powerpc-e500mc 4.4.0-159.187 linux-image-4.4.0-159-powerpc-smp 4.4.0-159.187 linux-image-4.4.0-159-powerpc64-emb 4.4.0-159.187 linux-image-4.4.0-159-powerpc64-smp 4.4.0-159.187 linux-image-aws 4.4.0.1090.94 linux-image-generic 4.4.0.159.167 linux-image-generic-lpae 4.4.0.159.167 linux-image-kvm 4.4.0.1054.54 linux-image-lowlatency 4.4.0.159.167 linux-image-powerpc-e500mc 4.4.0.159.167 linux-image-powerpc-smp 4.4.0.159.167 linux-image-powerpc64-emb 4.4.0.159.167 linux-image-powerpc64-smp 4.4.0.159.167 linux-image-raspi2 4.4.0.1118.118 linux-image-snapdragon 4.4.0.1122.114 linux-image-virtual 4.4.0.159.167 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-9-17-1 iOS 12 iOS 12 is now available and addresses the following: Accounts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local app may be able to read a persistent account identifier Description: This issue was addressed with improved entitlements. CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Bluetooth Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham Core Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4330: Apple CoreMedia Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2018-4356: an anonymous researcher IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4335: Brandon Azad iTunes Store Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation. CVE-2018-4363: Ian Beer of Google Project Zero Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted messages Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted notes Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. CVE-2018-4352: an anonymous researcher Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. CVE-2018-4329: Hugo S. Diaz (coldpointblue) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4362: Jun Kokatsu (@shhnjk) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2018-4325: Brian Adeloye Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend Micro's Zero Day Initiative Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAluf5GIACgkQeC9tht7T K3G2mg//QBqaVSeHLeqL489OJmSvBtudWIDY1GhHJ5Xc8ox3ILDNLVZeBU+DIpqr Fb/slmBKhNM69CPf2fGC/Af2h3ZbUYVoANoyWfH+A/PYzFV726w5WHaq4QZndauO urHsrE/lH8CvDFS6lzp0OdGV5hVIGQ3hoYiF0lYmIdzCDQYwvFp+pn2I3b37Io8K 5/cjRiYp+uq2NAKLm6hx8yq0NtYAQyQTsk6ZAsGlilmydLJDGnaeJE80wk7EBd8f rkdtqzs5B5ohHVYLcoGgMUrE7qyLpqwXjkfIJO8bkk1IqlbMwjmhOJVRPaHWtj5Y 8Ouc2ebMfpFimk9+ODBUYMCsQJgQw8P6pW3gfSpiheIOPc65KzoaAdg+nOfmPwJK LR9CDMJauwYHf1I2RrMzDBflV1HIPurYciHBZKn6IH4f3KNIu5PGNTnHFgln6MxT D11WXuxNfvc2B1hRIRHXD2OB1+rh5Q+tkb+AEauHzIFWgl7otx6EZhiu7W8Mxa22 k6s/Fo1UZI1GbnNjU9ugEumxH8w0WQNQZOOH3FI07aA7F2FVcTVXL4uaIoHzZR0N ZmC/RvsQNGmw8L+DRWedEHda/rieAgMHkJxrjF0Day9PqY50YL7F+7qaw2J6Tmpo r5jDothh/1TQbkE5G8oOaT3Y3iOtDcMqh0T7jRxIP7awQMKce9M= =1Ld6 -----END PGP SIGNATURE----- . CVE-2018-4197: Ivan Fratric of Google Project Zero CVE-2018-4306: Ivan Fratric of Google Project Zero CVE-2018-4312: Ivan Fratric of Google Project Zero CVE-2018-4314: Ivan Fratric of Google Project Zero CVE-2018-4315: Ivan Fratric of Google Project Zero CVE-2018-4317: Ivan Fratric of Google Project Zero CVE-2018-4318: Ivan Fratric of Google Project Zero Entry added September 24, 2018 WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious website may exfiltrate image data cross-origin Description: A cross-site scripting issue existed in Safari. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo) Entry added September 24, 2018 WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4361: found by Google OSS-Fuzz Entry added September 24, 2018 Additional recognition Assets We would like to acknowledge Brandon Azad for their assistance. Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Sandbox Profiles We would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance. SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, and Zach Malone of CA Technologies for their assistance. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: linux-firmware security, bug fix, and enhancement update Advisory ID: RHSA-2019:2169-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2169 Issue date: 2019-08-06 CVE Names: CVE-2018-5383 ==================================================================== 1. Summary: An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch 3. Description: The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm Red Hat Enterprise Linux Server (v. 7): Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-5383 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. CVE-2018-5383: Lior Neumann and Eli Biham The updates below are available for these Mac models: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013, Mid 2010, and Mid 2012 models with recommended Metal-capable graphics processor, including MSI Gaming Radeon RX 560 and Sapphire Radeon PULSE RX 580) App Store Impact: A malicious application may be able to determine the Apple ID of the owner of the computer Description: A permissions issue existed in the handling of the Apple ID. CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc. CVE-2018-4353: Abhinav Bansal of Zscaler, Inc. Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron Software Systems, and Zbyszek A>>A3Akiewski for their assistance. Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance. CVE-2018-4285: Mohamed Ghannam (@_simo36) Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. CVE-2018-4283: @panicaII working with Trend Micro's Zero Day Initiative Kernel Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: Systems using IntelA(r) Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel Description: Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com) Perl Available for: macOS High Sierra 10.13.5 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote or local

TYPE

data forgery

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Apple

SOURCES

LAST UPDATE DATE

2025-12-22T21:50:21.160000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE