Details of VAR-201904-1360

ID

VAR-201904-1360

CVE

CVE-2018-4293

TITLE

plural Apple In product cookie Management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-014971

DESCRIPTION

A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. plural Apple Because the product is incompletely checked, cookie An administrative vulnerability exists.Information may be obtained. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS High Sierra is a dedicated operating system developed for Mac computers. A security vulnerability exists in the CFNetwork component of several Apple products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2018-4289: shrek_wzw of Qihoo 360 Nirvan Team APFS Available for: macOS High Sierra 10.13.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4268: Mac working with Trend Micro's Zero Day Initiative ATS Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4285: Mohamed Ghannam (@_simo36) Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-4293: an anonymous researcher CoreCrypto Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4269: Abraham Masri (@cheesecakeufo) CUPS Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2018-4276: Jakub Jirasek of Secunia Research at Flexera Entry added October 30, 2018 DesktopServices Available for: macOS Sierra 10.12.6 Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in which execute permission was incorrectly granted. CVE-2018-4178: Arjen Hendrikse IOGraphics Available for: macOS High Sierra 10.13.5 Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2018-4283: @panicaII working with Trend Micro's Zero Day Initiative Kernel Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: Systems using IntelA(r) Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel Description: Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value. An information disclosure issue was addressed with FP/SIMD register state sanitization. CVE-2018-3665: Julian Stecklina of Amazon Germany, Thomas Prescher of Cyberus Technology GmbH (cyberus-technology.de), Zdenek Sojka of SYSGO AG (sysgo.com), and Colin Percival Kernel Available for: macOS High Sierra 10.13.5 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com Entry added October 30, 2018 libxpc Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4280: Brandon Azad libxpc Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4248: Brandon Azad LinkPresentation Available for: macOS High Sierra 10.13.5 Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com) Perl Available for: macOS High Sierra 10.13.5 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2018-6797: Brian Carpenter CVE-2018-6913: GwanYeong Kim Entry added October 30, 2018 Ruby Available for: macOS High Sierra 10.13.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues in Ruby were addressed in this update. CVE-2017-898 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Entry added October 30, 2018 Additional recognition App Store We would like to acknowledge Jesse Endahl & Stevie Hryciw of Fleetsmith and and Max BA(c)langer of Dropbox for their assistance. Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance. Kernel We would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative for their assistance. Security We would like to acknowledge Brad Dahlsten of Iowa State University for their assistance. Installation note: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EgwhAA rut4Qepkh88tcd23FV/Fz6uEdqa2MDPRPhVs6rM5iM7912vhtVZHz1sDUpSwNFe+ Hfdx0qsZaxY1sKjqMejq5mpanjFWhCCWb7MxifGm1HTJRMibuTAW7zVwD51jsG7z GpQtZ8ASaW9NErn+3IPB0O//CCvAKR/qyqn+KyEhYw+xtz2j+dzneB6lpwFkiqG2 0Iz5DQ2Hwms/88byzoXLWljAApvgSeant1YAiShq9bvQ3iWSkLSoo1dEa9jhhGJV jKyc+XloM7AfAHl6sjR6t3Cgdmfpy7s4osx17tqa4B5CYUloBGcZ0SZrL6iJDDvV 5OTsXHCQ9NLwZrdAwIgfcVcs01Y8hVkpjhCmm2InGwREJUtpYefCQ/kIlDa1YOym 3ua/SEO5+UYSVspG45vTdRB6SNSzeWzcQvJohrXavSllttcGyNx9RxMSr9CGxNSE Vjmo30J8D2Oow2hMtK1PWXxI+t4UadO33rL1H2u8ivl9J1BI9sEL0linFTUpEnIS iIRYUdrr+ZduSsC21NBLhMOak61GWYQRSN+p3nbL7fDqZCFdBSwvye4q2MmZG1Op aDePXQWSPgzlXzfi2C6KiR+lSyZlgCwtwhPGlzDFH5MGxr5Tleov98GB4uml91lj PVSMCsvYvRarIh6enmy+SR/6X7gVgrpx4m/fdraBwTw= =e0YF -----END PGP SIGNATURE-----

Trust: 2.34

sources: NVD: CVE-2018-4293 // JVNDB: JVNDB-2018-014971 // VULHUB: VHN-134324 // PACKETSTORM: 148467 // PACKETSTORM: 148466 // PACKETSTORM: 148477 // PACKETSTORM: 148468 // PACKETSTORM: 148641 // PACKETSTORM: 148470 // PACKETSTORM: 150118

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	lt	version:	12.8	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	4.3.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.4.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.6	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	11.4.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.5	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.6 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4.1 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4.1 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4.1 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.8 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.4.1 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.4.1 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	4.3.2 (apple watch all models )	Trust: 0.8

sources: JVNDB: JVNDB-2018-014971 // NVD: CVE-2018-4293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4293
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-4293
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201807-2001
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-134324
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4293
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-134324
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4293
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134324 // CNNVD: CNNVD-201807-2001 // JVNDB: JVNDB-2018-014971 // NVD: CVE-2018-4293

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-134324 // JVNDB: JVNDB-2018-014971 // NVD: CVE-2018-4293

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-2001

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201807-2001

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014971

PATCH

title:	HT208937	url:	https://support.apple.com/en-us/HT208937	Trust: 0.8
title:	HT208938	url:	https://support.apple.com/en-us/HT208938	Trust: 0.8
title:	HT208932	url:	https://support.apple.com/en-us/HT208932	Trust: 0.8
title:	HT208933	url:	https://support.apple.com/en-us/HT208933	Trust: 0.8
title:	HT208935	url:	https://support.apple.com/en-us/HT208935	Trust: 0.8
title:	HT208936	url:	https://support.apple.com/en-us/HT208936	Trust: 0.8
title:	HT208932	url:	https://support.apple.com/ja-jp/HT208932	Trust: 0.8
title:	HT208933	url:	https://support.apple.com/ja-jp/HT208933	Trust: 0.8
title:	HT208935	url:	https://support.apple.com/ja-jp/HT208935	Trust: 0.8
title:	HT208936	url:	https://support.apple.com/ja-jp/HT208936	Trust: 0.8
title:	HT208937	url:	https://support.apple.com/ja-jp/HT208937	Trust: 0.8
title:	HT208938	url:	https://support.apple.com/ja-jp/HT208938	Trust: 0.8
title:	Multiple Apple product CFNetwork Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82729	Trust: 0.6

sources: CNNVD: CNNVD-201807-2001 // JVNDB: JVNDB-2018-014971

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4293	Trust: 3.2
db:	JVN	id:	JVNVU93082496	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014971	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-2001	Trust: 0.7
db:	BID	id:	104844	Trust: 0.1
db:	VULHUB	id:	VHN-134324	Trust: 0.1
db:	PACKETSTORM	id:	148467	Trust: 0.1
db:	PACKETSTORM	id:	148466	Trust: 0.1
db:	PACKETSTORM	id:	148477	Trust: 0.1
db:	PACKETSTORM	id:	148468	Trust: 0.1
db:	PACKETSTORM	id:	148641	Trust: 0.1
db:	PACKETSTORM	id:	148470	Trust: 0.1
db:	PACKETSTORM	id:	150118	Trust: 0.1

sources: VULHUB: VHN-134324 // PACKETSTORM: 148467 // PACKETSTORM: 148466 // PACKETSTORM: 148477 // PACKETSTORM: 148468 // PACKETSTORM: 148641 // PACKETSTORM: 148470 // PACKETSTORM: 150118 // CNNVD: CNNVD-201807-2001 // JVNDB: JVNDB-2018-014971 // NVD: CVE-2018-4293

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-4293	Trust: 2.1
url:	https://support.apple.com/kb/ht208932	Trust: 1.7
url:	https://support.apple.com/kb/ht208933	Trust: 1.7
url:	https://support.apple.com/kb/ht208935	Trust: 1.7
url:	https://support.apple.com/kb/ht208936	Trust: 1.7
url:	https://support.apple.com/kb/ht208937	Trust: 1.7
url:	https://support.apple.com/kb/ht208938	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4293	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93082496/index.html	Trust: 0.8
url:	https://support.apple.com/kb/ht201222	Trust: 0.7
url:	https://www.apple.com/support/security/pgp/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4248	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4277	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4280	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4264	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4270	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4271	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4262	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4266	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4273	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4284	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4272	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4265	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4261	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4263	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4267	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4278	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-3665	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4269	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4178	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4285	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4289	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4268	Trust: 0.3
url:	https://support.apple.com/downloads/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4283	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4282	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5383	Trust: 0.2
url:	https://support.apple.com/kb/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4290	Trust: 0.1
url:	https://www.apple.com/itunes/download/	Trust: 0.1
url:	https://support.apple.com/ht204283	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14064	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10784	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4288	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8777	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17405	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4276	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4291	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6914	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4286	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14033	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6913	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4259	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17742	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4287	Trust: 0.1

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 148467 // PACKETSTORM: 148466 // PACKETSTORM: 148477 // PACKETSTORM: 148468 // PACKETSTORM: 148641 // PACKETSTORM: 148470 // PACKETSTORM: 150118

SOURCES

db:	VULHUB	id:	VHN-134324
db:	PACKETSTORM	id:	148467
db:	PACKETSTORM	id:	148466
db:	PACKETSTORM	id:	148477
db:	PACKETSTORM	id:	148468
db:	PACKETSTORM	id:	148641
db:	PACKETSTORM	id:	148470
db:	PACKETSTORM	id:	150118
db:	CNNVD	id:	CNNVD-201807-2001
db:	JVNDB	id:	JVNDB-2018-014971
db:	NVD	id:	CVE-2018-4293

LAST UPDATE DATE

2026-01-26T21:53:05.318000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134324	date:	2019-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201807-2001	date:	2019-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-014971	date:	2019-04-18T00:00:00
db:	NVD	id:	CVE-2018-4293	date:	2024-11-21T04:07:08.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134324	date:	2019-04-03T00:00:00
db:	PACKETSTORM	id:	148467	date:	2018-07-09T19:22:22
db:	PACKETSTORM	id:	148466	date:	2018-07-09T14:44:44
db:	PACKETSTORM	id:	148477	date:	2018-07-10T14:02:22
db:	PACKETSTORM	id:	148468	date:	2018-07-09T20:20:22
db:	PACKETSTORM	id:	148641	date:	2018-07-23T13:01:11
db:	PACKETSTORM	id:	148470	date:	2018-07-09T23:22:22
db:	PACKETSTORM	id:	150118	date:	2018-10-31T16:14:57
db:	CNNVD	id:	CNNVD-201807-2001	date:	2018-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-014971	date:	2019-04-18T00:00:00
db:	NVD	id:	CVE-2018-4293	date:	2019-04-03T18:29:05.737