Details of VAR-201904-1374

ID

VAR-201904-1374

CVE

CVE-2018-4414

TITLE

plural Apple Memory corruption vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014892

DESCRIPTION

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. CoreFoundation is one of the C language application programming interface (API) components. A buffer error vulnerability exists in the CoreFoundation component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-13 Additional information for APPLE-SA-2018-9-24-2 iTunes 12.9 for Windows iTunes 12.9 for Windows addresses the following: CFNetwork Available for: Windows 7 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 CoreFoundation Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreFoundation Available for: Windows 7 and later Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreText Available for: Windows 7 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018 WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4197: Ivan Fratric of Google Project Zero CVE-2018-4306: Ivan Fratric of Google Project Zero CVE-2018-4312: Ivan Fratric of Google Project Zero CVE-2018-4314: Ivan Fratric of Google Project Zero CVE-2018-4315: Ivan Fratric of Google Project Zero CVE-2018-4317: Ivan Fratric of Google Project Zero CVE-2018-4318: Ivan Fratric of Google Project Zero WebKit Available for: Windows 7 and later Impact: A malicious website may exfiltrate image data cross-origin Description: A cross-site scripting issue existed in Safari. CVE-2018-4191: found by OSS-Fuzz WebKit Available for: Windows 7 and later Impact: Cross-origin SecurityErrors includes the accessed frame's origin Description: The issue was addressed by removing origin information. CVE-2018-4311: Erling Alf Ellingsen (@steike) WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo) CVE-2018-4360: William Bowling (@wcbowling) Entry added October 30, 2018 WebKit Available for: Windows 7 and later Impact: A malicious website may cause unexepected cross-origin behavior Description: A cross-origin issue existed with "iframe" elements. CVE-2018-4319: John Pettitt of Google WebKit Available for: Windows 7 and later Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative WebKit Available for: Windows 7 and later Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by OSS-Fuzz Additional recognition SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance. Installation note: iTunes 12.9 for Windows may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3H36BAA kOdio5aQDT6TT5y302gTD8IRudSct/JHVCjMbaEU4Q28RKb5yumU3j+x3QylMwx8 n60VkwST8bzxjffZa+ER8F+8+NdPdcWtyYPHauEOt/ICKWLmxXZr3JIXk1XIxwz2 I9Ca9kkO+q6lWSjYVk44ZnEplEj4UctE8FoDTCXOsaATcPOeNGZttxjHBZLEnMHg 7vcFaJ7fQQf3ECuZG7HLXWvelQCzOSR1dNXUeAXTPoVrKAEBRk7Z8/UlB/mRYntv 0GSaJZCIMO8r/TwS/+KWzHgtRREusR9Sk827yDVZoqL8q3mMprIoospOiHsezEnq RReMU2sNCc6mm2x28gnZrjQgxPL4abwV+z/P8oloOjnN3gydUnQXFM606z2ZCp2y GgjrnIjLtlri1rx1wLccqMPi2GZFmOcNvgPBBuHfWj5GpPjE6ILWXcy6cg+hfgD9 CCUMqJFTW3gclGjno5nfqq7yaxJaD+CniGNhFxZxhOVbTXzMQ7T24biUz+ulr0Ip Yi11Xlb+xUk9SGP0ioci9nsfV8MAKy4eb/JpDIXBkQL9LWzp4z+gYeoNUZOyK9pB Mr3Kn15K76ApsoBFkFNI2AXwvXFtda5no5jy7EarbefmyD1BA0W9Tfg1kJEmh1J5 cdFwOCALT9HHUn7bccDIPvQlVH/sgEjVkMRapHl72SE= =5IB1 -----END PGP SIGNATURE-----

Trust: 3.42

sources: NVD: CVE-2018-4414 // JVNDB: JVNDB-2018-014892 // JVNDB: JVNDB-2018-007762 // JVNDB: JVNDB-2018-008148 // VULHUB: VHN-134445 // VULMON: CVE-2018-4414 // PACKETSTORM: 150115 // PACKETSTORM: 150114

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.14	Trust: 1.8
vendor:	apple	model:	icloud	scope:	lt	version:	7.7	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	5.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	12.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.9	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	12	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.7 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.9 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5 (apple watch series 1 or later )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14 earlier	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	7.7 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.0.1 earlier	Trust: 0.8

sources: JVNDB: JVNDB-2018-014892 // JVNDB: JVNDB-2018-007762 // JVNDB: JVNDB-2018-008148 // NVD: CVE-2018-4414

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4414
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4414
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201810-1581
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134445
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-4414
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4414
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134445
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4414
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134445 // VULMON: CVE-2018-4414 // JVNDB: JVNDB-2018-014892 // CNNVD: CNNVD-201810-1581 // NVD: CVE-2018-4414

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-134445 // JVNDB: JVNDB-2018-014892 // NVD: CVE-2018-4414

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1581

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1581

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014892

PATCH

title:	HT209141	url:	https://support.apple.com/en-us/HT209141	Trust: 1.6
title:	HT209139	url:	https://support.apple.com/en-us/HT209139	Trust: 1.6
title:	HT209140	url:	https://support.apple.com/en-us/HT209140	Trust: 0.8
title:	HT209106	url:	https://support.apple.com/en-us/HT209106	Trust: 0.8
title:	HT209107	url:	https://support.apple.com/en-us/HT209107	Trust: 0.8
title:	HT209108	url:	https://support.apple.com/en-us/HT209108	Trust: 0.8
title:	HT209106	url:	https://support.apple.com/ja-jp/HT209106	Trust: 0.8
title:	HT209107	url:	https://support.apple.com/ja-jp/HT209107	Trust: 0.8
title:	HT209108	url:	https://support.apple.com/ja-jp/HT209108	Trust: 0.8
title:	HT209139	url:	https://support.apple.com/ja-jp/HT209139	Trust: 0.8
title:	HT209140	url:	https://support.apple.com/ja-jp/HT209140	Trust: 0.8
title:	HT209141	url:	https://support.apple.com/ja-jp/HT209141	Trust: 0.8
title:	About the security content of iOS 12.0.1	url:	https://support.apple.com/en-us/HT209162	Trust: 0.8
title:	Apple iTunes for Windows , iCloud for Windows and tvOS CoreFoundation Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86550	Trust: 0.6
title:	Apple: iCloud for Windows 7.7	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a068a4723239b07b4826e55318d46252	Trust: 0.1
title:	Apple: iTunes 12.9 for Windows	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=d547330f7e2320998d1994ca6405ea4d	Trust: 0.1
title:	Apple: watchOS 5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=9f7934fe8c6d67798056f4da8e8790f0	Trust: 0.1
title:	Apple: macOS Mojave 10.14	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b8d65830dc3366732d9f4a144cde5cf4	Trust: 0.1
title:	Apple: tvOS 12	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=cffdc08d95a71866e104f27dafdf5818	Trust: 0.1
title:	Apple: iOS 12	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=9859610dae22b7395b3a00be201bcefb	Trust: 0.1

sources: VULMON: CVE-2018-4414 // JVNDB: JVNDB-2018-014892 // JVNDB: JVNDB-2018-007762 // JVNDB: JVNDB-2018-008148 // CNNVD: CNNVD-201810-1581

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4414	Trust: 2.8
db:	JVN	id:	JVNVU99356481	Trust: 1.6
db:	JVN	id:	JVNVU92800088	Trust: 1.6
db:	JVN	id:	JVNVU93341447	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014892	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-007762	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-008148	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1581	Trust: 0.7
db:	VULHUB	id:	VHN-134445	Trust: 0.1
db:	VULMON	id:	CVE-2018-4414	Trust: 0.1
db:	PACKETSTORM	id:	150115	Trust: 0.1
db:	PACKETSTORM	id:	150114	Trust: 0.1

sources: VULHUB: VHN-134445 // VULMON: CVE-2018-4414 // JVNDB: JVNDB-2018-014892 // JVNDB: JVNDB-2018-007762 // JVNDB: JVNDB-2018-008148 // PACKETSTORM: 150115 // PACKETSTORM: 150114 // CNNVD: CNNVD-201810-1581 // NVD: CVE-2018-4414

REFERENCES

url:	https://support.apple.com/kb/ht209141	Trust: 1.9
url:	https://support.apple.com/kb/ht209106	Trust: 1.8
url:	https://support.apple.com/kb/ht209107	Trust: 1.8
url:	https://support.apple.com/kb/ht209108	Trust: 1.8
url:	https://support.apple.com/kb/ht209139	Trust: 1.8
url:	https://support.apple.com/kb/ht209140	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4414	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4414	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93341447/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92800088/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99356481/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99356481/	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu92800088	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4323	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4319	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4318	Trust: 0.2
url:	https://support.apple.com/kb/ht201222	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4191	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4361	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4412	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4309	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4311	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4315	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4197	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4126	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4345	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4316	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4359	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4317	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4306	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4358	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4312	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4328	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4314	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4360	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4299	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4347	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/ht204283	Trust: 0.1
url:	https://www.apple.com/itunes/download/	Trust: 0.1

CREDITS

The UK's National Cyber Security Centre (NCSC)

Trust: 0.6

sources: CNNVD: CNNVD-201810-1581

SOURCES

db:	VULHUB	id:	VHN-134445
db:	VULMON	id:	CVE-2018-4414
db:	JVNDB	id:	JVNDB-2018-014892
db:	JVNDB	id:	JVNDB-2018-007762
db:	JVNDB	id:	JVNDB-2018-008148
db:	PACKETSTORM	id:	150115
db:	PACKETSTORM	id:	150114
db:	CNNVD	id:	CNNVD-201810-1581
db:	NVD	id:	CVE-2018-4414

LAST UPDATE DATE

2024-11-23T20:21:06.441000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134445	date:	2019-04-05T00:00:00
db:	VULMON	id:	CVE-2018-4414	date:	2019-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-014892	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-007762	date:	2018-09-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-008148	date:	2018-10-10T00:00:00
db:	CNNVD	id:	CNNVD-201810-1581	date:	2019-04-10T00:00:00
db:	NVD	id:	CVE-2018-4414	date:	2024-11-21T04:07:22.070

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134445	date:	2019-04-03T00:00:00
db:	VULMON	id:	CVE-2018-4414	date:	2019-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-014892	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-007762	date:	2018-09-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-008148	date:	2018-10-10T00:00:00
db:	PACKETSTORM	id:	150115	date:	2018-10-31T16:10:39
db:	PACKETSTORM	id:	150114	date:	2018-10-31T16:10:29
db:	CNNVD	id:	CNNVD-201810-1581	date:	2018-11-02T00:00:00
db:	NVD	id:	CVE-2018-4414	date:	2019-04-03T18:29:14.300