ID

VAR-201808-1004


CVE

CVE-2018-5383


TITLE

Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

Trust: 0.8

sources: CERT/CC: VU#304725

DESCRIPTION

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed and mobile devices and personal area networks in buildings. The following systems are affected: macOS prior to 10.13; macOS High Sierra prior to 11.4; iOS prior to 11.4; Android prior to Patch 2018-06-05.

Alternatively, on your watch, select "My Watch > General > About".

APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 tvOS 11.4 addresses the following: Bluetooth Available for: Apple TV 4K Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham Entry added July 23, 2018 Crash Reporter Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved error handling. CVE-2018-4206: Ian Beer of Google Project Zero FontParser Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation.
CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2018-4241: Ian Beer of Google Project Zero CVE-2018-4243: Ian Beer of Google Project Zero Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. libxpc Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved validation. CVE-2018-4237: Samuel Groß (@5aelo) working with Trend Micro's Zero Day Initiative Messages Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation. CVE-2018-4235: Anurodh Pokharel of Salesforce.com Messages Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted message may lead to a denial of service Description: This issue was addressed with improved message validation. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo) Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to read a persistent account identifier Description: An authorization issue was addressed with improved state management.
CVE-2018-4223: Abraham Masri (@cheesecakeufo) UIKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A validation issue existed in the handling of text. This issue was addressed with improved validation of text. CVE-2018-4198: Hunter Byrnes WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2018-4232: an anonymous researcher, Aymeric Chaib WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4214: found by OSS-Fuzz WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. 
CVE-2018-4246: found by OSS-Fuzz WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4200: Ivan Fratric of Google Project Zero WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel Groß (@5aelo) working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4190: Jun Kokatsu (@shhnjk) WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation.
CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Ubuntu Security Notice USN-4095-2 August 13, 2019 linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel.
Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-4095-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. (CVE-2019-2054) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2019-3846) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: linux-image-4.4.0-1050-aws 4.4.0-1050.54 linux-image-4.4.0-159-generic 4.4.0-159.187~14.04.1 linux-image-4.4.0-159-generic-lpae 4.4.0-159.187~14.04.1 linux-image-4.4.0-159-lowlatency 4.4.0-159.187~14.04.1 linux-image-4.4.0-159-powerpc-e500mc 4.4.0-159.187~14.04.1 linux-image-4.4.0-159-powerpc-smp 4.4.0-159.187~14.04.1 linux-image-4.4.0-159-powerpc64-emb 4.4.0-159.187~14.04.1 linux-image-4.4.0-159-powerpc64-smp 4.4.0-159.187~14.04.1 linux-image-aws 4.4.0.1050.51 linux-image-generic-lpae-lts-xenial 4.4.0.159.140 linux-image-generic-lts-xenial 4.4.0.159.140 linux-image-lowlatency-lts-xenial 4.4.0.159.140 linux-image-powerpc-e500mc-lts-xenial 4.4.0.159.140 linux-image-powerpc-smp-lts-xenial 4.4.0.159.140 linux-image-powerpc64-emb-lts-xenial 4.4.0.159.140 linux-image-powerpc64-smp-lts-xenial 4.4.0.159.140 linux-image-virtual-lts-xenial 4.4.0.159.140 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

Red Hat Security Advisory Synopsis: Important: linux-firmware security, bug fix, and enhancement update Advisory ID: RHSA-2019:2169-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2169 Issue date: 2019-08-06 CVE Names: CVE-2018-5383

1.
Summary: An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch 3. Description: The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 
7): Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm Red Hat Enterprise Linux Server (v. 
7): Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-5383 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc.
CVE-2018-5383: Lior Neumann and Eli Biham The updates below are available for these Mac models: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013, Mid 2010, and Mid 2012 models with recommended Metal-capable graphics processor, including MSI Gaming Radeon RX 560 and Sapphire Radeon PULSE RX 580) App Store Impact: A malicious application may be able to determine the Apple ID of the owner of the computer Description: A permissions issue existed in the handling of the Apple ID. CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc. CVE-2018-4353: Abhinav Bansal of Zscaler, Inc. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron Software Systems, and Zbyszek Żółkiewski for their assistance. Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip Klubička (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance.

APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code.
CVE-2018-4285: Mohamed Ghannam (@_simo36) Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. CVE-2018-4283: @panicaII working with Trend Micro's Zero Day Initiative Kernel Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel Description: Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com) Perl Available for: macOS High Sierra 10.13.5 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2017-898 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Entry added October 30, 2018 Additional recognition App Store We would like to acknowledge Jesse Endahl & Stevie Hryciw of Fleetsmith and Max Bélanger of Dropbox for their assistance. Help Viewer We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. Kernel We would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative for their assistance. Security We would like to acknowledge Brad Dahlsten of Iowa State University for their assistance

Trust: 2.43

sources: NVD: CVE-2018-5383 // CERT/CC: VU#304725 // VULHUB: VHN-135414 // VULMON: CVE-2018-5383 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 154049 // PACKETSTORM: 153946 // PACKETSTORM: 149510 // PACKETSTORM: 148641 // PACKETSTORM: 150118

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: 7.1.2

Trust: 1.6

vendor: google, model: android, scope: eq, version: 8.1

Trust: 1.6

vendor: google, model: android, scope: eq, version: 6.0.1

Trust: 1.6

vendor: google, model: android, scope: eq, version: 6.0

Trust: 1.6

vendor: google, model: android, scope: eq, version: 8.0

Trust: 1.6

vendor: google, model: android, scope: eq, version: 7.0

Trust: 1.6

vendor: google, model: android, scope: eq, version: 7.1.1

Trust: 1.6

vendor: apple, model: mac os x, scope: lt, version: 10.13

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 11.4

Trust: 1.0

vendor: android open source, model: -, scope: -, version: -

Trust: 0.8

vendor: apple, model: -, scope: -, version: -

Trust: 0.8

vendor: broadcom, model: -, scope: -, version: -

Trust: 0.8

vendor: cypress semiconductor, model: -, scope: -, version: -

Trust: 0.8

vendor: dell, model: -, scope: -, version: -

Trust: 0.8

vendor: google, model: -, scope: -, version: -

Trust: 0.8

vendor: intel, model: -, scope: -, version: -

Trust: 0.8

vendor: qualcomm incorporated, model: -, scope: -, version: -

Trust: 0.8

sources: CERT/CC: VU#304725 // CNNVD: CNNVD-201807-1882 // NVD: CVE-2018-5383

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-5383
value: MEDIUM

Trust: 1.0

cret@cert.org: CVE-2018-5383
value: HIGH

Trust: 1.0

NVD: CVE-2018-5383
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-1882
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135414
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-5383
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-5383
severity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2018-5383
severity: HIGH
baseScore: 7.3
vectorString: NONE
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-135414
severity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-5383
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 5.2
version: 3.0

Trust: 1.0

cret@cert.org: CVE-2018-5383
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 5.8
version: 3.0

Trust: 1.0

sources: CERT/CC: VU#304725 // VULHUB: VHN-135414 // VULMON: CVE-2018-5383 // CNNVD: CNNVD-201807-1882 // NVD: CVE-2018-5383 // NVD: CVE-2018-5383

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.1

problemtype:CWE-325

Trust: 1.0

problemtype:CWE-310

Trust: 0.1

sources: VULHUB: VHN-135414 // NVD: CVE-2018-5383

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201807-1882

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201807-1882

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#304725

PATCH

title: Bluetooth Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82629

Trust: 0.6

title: Red Hat: Important: linux-firmware security, bug fix, and enhancement update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192169 - Security Advisory

Trust: 0.1

title: Ubuntu Security Notice: linux-firmware vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4351-1

Trust: 0.1

title: Red Hat: CVE-2018-5383
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-5383

Trust: 0.1

title: HP: HPSBHF03585 rev. 1 - Bluetooth Pairing Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03585

Trust: 0.1

title: Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4095-2

Trust: 0.1

title: Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4095-1

Trust: 0.1

title: Android Security Bulletins: Android Security Bulletin—August 2018
url: https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=746dc14fcd3f5e139648cfdc9d9039a9

Trust: 0.1

title: Apple: watchOS 4.3.1
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0f4c2f01c97a0857022a69b5486be838

Trust: 0.1

title: Apple: tvOS 11.4
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=d2d0b1ec71830547fb971d63ee3beadb

Trust: 0.1

title: Android Security Bulletins: Android Security Bulletin—June 2018
url: https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=cc496c56e2bf669809bfb568f59af8e1

Trust: 0.1

title: Apple: macOS Mojave 10.14
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b8d65830dc3366732d9f4a144cde5cf4

Trust: 0.1

title: Apple: tvOS 12
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=cffdc08d95a71866e104f27dafdf5818

Trust: 0.1

title: Apple: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f93fc5c87ddc6e336e7b02ff3308dfe6

Trust: 0.1

title: Apple: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=6271728c896ad06d4d117e77589eea2f

Trust: 0.1

title: Apple: iOS 11.4
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0f3db097f895347566033494c2dda90b

Trust: 0.1

title: Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4094-1

Trust: 0.1

title: Apple: iOS 12
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=9859610dae22b7395b3a00be201bcefb

Trust: 0.1

title: Ubuntu Security Notice: linux-aws vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4118-1

Trust: 0.1

title: broadcom-bt-firmware
url: https://github.com/winterheart/broadcom-bt-firmware

Trust: 0.1

title: awesome-bluetooth-security
url: https://github.com/engn33r/awesome-bluetooth-security

Trust: 0.1

title: SamsungReleaseNotes
url: https://github.com/samreleasenotes/SamsungReleaseNotes

Trust: 0.1

title: welivesecurity
url: https://www.welivesecurity.com/2018/07/24/bluetooth-bug-expose-devices/

Trust: 0.1

title: The Register
url: https://www.theregister.co.uk/2018/07/24/bluetooth_cryptography_bug/

Trust: 0.1

title: BleepingComputer
url: https://www.bleepingcomputer.com/news/security/many-bluetooth-implementations-and-os-drivers-affected-by-crypto-bug/

Trust: 0.1

sources: VULMON: CVE-2018-5383 // CNNVD: CNNVD-201807-1882

EXTERNAL IDS

db: CERT/CC, id: VU#304725

Trust: 2.6

db: NVD, id: CVE-2018-5383

Trust: 2.5

db: SECTRACK, id: 1041432

Trust: 1.8

db: BID, id: 104879

Trust: 1.8

db: PACKETSTORM, id: 153946

Trust: 0.8

db: PACKETSTORM, id: 157598

Trust: 0.7

db: CNNVD, id: CNNVD-201807-1882

Trust: 0.7

db: LENOVO, id: LEN-22233

Trust: 0.6

db: AUSCERT, id: ESB-2020.1612

Trust: 0.6

db: AUSCERT, id: ESB-2019.1111

Trust: 0.6

db: AUSCERT, id: ESB-2019.2932

Trust: 0.6

db: AUSCERT, id: ESB-2019.0501.2

Trust: 0.6

db: AUSCERT, id: ESB-2019.0559

Trust: 0.6

db: PACKETSTORM, id: 154049

Trust: 0.2

db: PACKETSTORM, id: 154044

Trust: 0.1

db: VULHUB, id: VHN-135414

Trust: 0.1

db: VULMON, id: CVE-2018-5383

Trust: 0.1

db: PACKETSTORM, id: 148645

Trust: 0.1

db: PACKETSTORM, id: 148644

Trust: 0.1

db: PACKETSTORM, id: 149510

Trust: 0.1

db: PACKETSTORM, id: 148641

Trust: 0.1

db: PACKETSTORM, id: 150118

Trust: 0.1

sources: CERT/CC: VU#304725 // VULHUB: VHN-135414 // VULMON: CVE-2018-5383 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 154049 // PACKETSTORM: 153946 // PACKETSTORM: 149510 // PACKETSTORM: 148641 // PACKETSTORM: 150118 // CNNVD: CNNVD-201807-1882 // NVD: CVE-2018-5383

REFERENCES

url:https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update

Trust: 2.6

url:https://access.redhat.com/errata/rhsa-2019:2169

Trust: 2.6

url:http://www.securityfocus.com/bid/104879

Trust: 2.4

url:https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html

Trust: 2.4

url:https://usn.ubuntu.com/4095-1/

Trust: 2.4

url:https://usn.ubuntu.com/4095-2/

Trust: 2.4

url:https://www.kb.cert.org/vuls/id/304725

Trust: 1.9

url:http://www.cs.technion.ac.il/~biham/bt/

Trust: 1.8

url:http://www.securitytracker.com/id/1041432

Trust: 1.8

url:https://usn.ubuntu.com/4094-1/

Trust: 1.8

url:https://usn.ubuntu.com/4118-1/

Trust: 1.8

url:https://usn.ubuntu.com/4351-1/

Trust: 1.3

url:http://www.cs.technion.ac.il/~biham/bt

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/325.html

Trust: 0.8

url:https://source.android.com/security/bulletin/2018-06-01

Trust: 0.8

url:https://support.apple.com/en-us/ht208848

Trust: 0.8

url:https://source.android.com/security/bulletin/pixel/2018-06-01

Trust: 0.8

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-5383

Trust: 0.7

url:https://www.suse.com/support/update/announcement/2019/suse-su-20190466-1/

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20190422-1/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2932/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75986

Trust: 0.6

url:https://vigilance.fr/vulnerability/bluetooth-firmware-information-disclosure-via-weak-elliptic-curve-parameters-28536

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-22233

Trust: 0.6

url:https://packetstormsecurity.com/files/157598/ubuntu-security-notice-usn-4351-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75750

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78314

Trust: 0.6

url:https://packetstormsecurity.com/files/153946/red-hat-security-advisory-2019-2169-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1612/

Trust: 0.6

url:https://support.apple.com/kb/ht201222

Trust: 0.5

url:https://www.apple.com/support/security/pgp/

Trust: 0.5

url:https://support.apple.com/downloads/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-4233

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4249

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4235

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4246

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4243

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4214

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4224

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4198

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4192

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4201

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4240

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4237

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4223

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4206

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4211

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4241

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4218

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-3665

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4248

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4269

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4178

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4285

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4289

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4293

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4268

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4277

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4283

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4280

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/347.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=58464

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4225

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4226

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4190

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4188

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4232

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4204

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4200

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4199

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1125

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2054

Trust: 0.1

url:https://usn.ubuntu.com/4095-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10126

Trust: 0.1

url:https://usn.ubuntu.com/4095-2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3846

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11833

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

Trust: 0.1

url:https://bugzilla.redhat.com/

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5383

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4333

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4324

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4321

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4353

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4344

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1777

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-14064

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10784

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4288

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8777

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-17405

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4276

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4291

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-6914

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4286

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-14033

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-6913

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4259

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-6797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-17742

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4287

Trust: 0.1

sources: CERT/CC: VU#304725 // VULHUB: VHN-135414 // VULMON: CVE-2018-5383 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 154049 // PACKETSTORM: 153946 // PACKETSTORM: 149510 // PACKETSTORM: 148641 // PACKETSTORM: 150118 // CNNVD: CNNVD-201807-1882 // NVD: CVE-2018-5383

CREDITS

Ubuntu, Red Hat

Trust: 0.6

sources: CNNVD: CNNVD-201807-1882

SOURCES

db:CERT/CC | id:VU#304725
db:VULHUB | id:VHN-135414
db:VULMON | id:CVE-2018-5383
db:PACKETSTORM | id:148645
db:PACKETSTORM | id:148644
db:PACKETSTORM | id:154049
db:PACKETSTORM | id:153946
db:PACKETSTORM | id:149510
db:PACKETSTORM | id:148641
db:PACKETSTORM | id:150118
db:CNNVD | id:CNNVD-201807-1882
db:NVD | id:CVE-2018-5383

LAST UPDATE DATE

2025-10-20T01:48:29.702000+00:00


SOURCES UPDATE DATE

db:CERT/CC | id:VU#304725 | date:2018-08-17T00:00:00
db:VULHUB | id:VHN-135414 | date:2019-10-03T00:00:00
db:VULMON | id:CVE-2018-5383 | date:2019-10-03T00:00:00
db:CNNVD | id:CNNVD-201807-1882 | date:2020-05-08T00:00:00
db:NVD | id:CVE-2018-5383 | date:2024-11-21T04:08:42.640

SOURCES RELEASE DATE

db:CERT/CC | id:VU#304725 | date:2018-07-23T00:00:00
db:VULHUB | id:VHN-135414 | date:2018-08-07T00:00:00
db:VULMON | id:CVE-2018-5383 | date:2018-08-07T00:00:00
db:PACKETSTORM | id:148645 | date:2018-07-23T15:22:22
db:PACKETSTORM | id:148644 | date:2018-07-23T14:04:44
db:PACKETSTORM | id:154049 | date:2019-08-14T02:36:57
db:PACKETSTORM | id:153946 | date:2019-08-06T21:12:55
db:PACKETSTORM | id:149510 | date:2018-09-25T16:20:37
db:PACKETSTORM | id:148641 | date:2018-07-23T13:01:11
db:PACKETSTORM | id:150118 | date:2018-10-31T16:14:57
db:CNNVD | id:CNNVD-201807-1882 | date:2018-07-26T00:00:00
db:NVD | id:CVE-2018-5383 | date:2018-08-07T21:29:00.287