Sign-up

ID

VAR-201904-1380


CVE

CVE-2018-4420


TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-008908

DESCRIPTION

A memory corruption issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. plural Apple Because the product contains vulnerable code, a memory corruption vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. A buffer error vulnerability exists in the Kernel component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-4 watchOS 5.1 watchOS 5.1 is now available and addresses the following: AppleAVD Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero CoreCrypto Available for: Apple Watch Series 1 and later Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum ICU Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher IPSec Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4419: Mohamed Ghannam (@_simo36) NetworkExtension Available for: Apple Watch Series 1 and later Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Safari Reader Available for: Apple Watch Series 1 and later Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: Apple Watch Series 1 and later Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea CVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative CVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative CVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative CVE-2018-4382: lokihardt of Google Project Zero CVE-2018-4386: lokihardt of Google Project Zero CVE-2018-4392: zhunki of 360 ESG Codesafe Team CVE-2018-4416: lokihardt of Google Project Zero WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische UniversitA$?t Darmstadt Additional recognition Certificate Signing We would like to acknowledge YiAit Can YILMAZ (@yilmazcanyigit) for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EA8g/+ Ll91rTID6pn6oncXh+evrELJOBBZwZZh2mRNHh/yFK2bIt7v6MLas+ez9cDh8SXE dvS5EeIBwNDr7drVbk14JOLADKsDcJUEfCUHCno1iJfAzIQC5N+eJyzgNZlOlzXG 8sNKn7gv2VxVW6CXKbSSX2VgyZ+UUIpU6Bmoj4ZsasycBLBNG6ZC+07ZAZfxBpL4 jcJz1Zq0ZueaxwV+21Are/51pMzC3tHuO77BTWCV8OTLROi72BuvfLtIcLG0HkRS nKsB3Qt6NcwuzvPR0HedCWsH+2DR3fyHNkHou47KM0vlW5BmgvVXj6KOTMvVm3o0 3WegNySOTPKyUdVWNQWm/n3TqwuT7Ahpfb+tg0nCQ+7cS7DukFfHET++J21ihNpG YHUqa/dCnvNj+F7aUHwsW9aL7ZXsJphyRBhG5896z56N5diSPQ2rAnszgvGVNyEW PXEVCFcOOGuxvkN20LP+/EawOb/NTp2JlL5HexzBpYmH88GMjIN1pYQmG4izSG3M P0uQTui3aBE39wR2BwUSkI0PVxmumqDGKPk+exyxExcOuPPQo2OwIxki8az2taMf 6iFjZWyIeS5ZwHy8XOca7Oe+4yM8WLnfPiX34JkdH5a0hsC1Y/e6E5IhGwpNcpnt q3709XOMbW2YjH1WyGrjUGgrrOJbq3Y5XM7dvkuXsuY= =m0yh -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2018-4420 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014861 // VULHUB: VHN-134451 // VULMON: CVE-2018-4420 // PACKETSTORM: 150105 // PACKETSTORM: 150107

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14.1

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:12.1

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:12.1

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:5.1

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:for windows 7.8 earlier

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:12.9.1 earlier

Trust: 0.8

vendor:applemodel:macos high sierrascope:eqversion:(security update 2018-001 not applied )

Trust: 0.8

vendor:applemodel:macos mojavescope:ltversion:10.14.1 earlier

Trust: 0.8

vendor:applemodel:macos sierrascope:eqversion:(security update 2018-005 not applied )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12.0.1 earlier

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5.1 earlier

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.14

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.1 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.1 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.1 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.1 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.1 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5.1 (apple watch series 1 or later )

Trust: 0.8

sources: JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014861 // NVD: CVE-2018-4420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4420
value: HIGH

Trust: 1.0

NVD: CVE-2018-4420
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-1522
value: HIGH

Trust: 0.6

VULHUB: VHN-134451
value: HIGH

Trust: 0.1

VULMON: CVE-2018-4420
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4420
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134451
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4420
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134451 // VULMON: CVE-2018-4420 // JVNDB: JVNDB-2018-014861 // CNNVD: CNNVD-201810-1522 // NVD: CVE-2018-4420

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134451 // JVNDB: JVNDB-2018-014861 // NVD: CVE-2018-4420

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1522

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1522

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008908

PATCH
title:About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierraurl:https://support.apple.com/en-us/HT209193
Trust: 1.6
title: About the security content of tvOS 12.1url:https://support.apple.com/en-us/HT209194
Trust: 1.6
title: About the security content of iOS 12.1url:https://support.apple.com/en-us/HT209192
Trust: 1.6
title: About the security content of watchOS 5.1url:https://support.apple.com/en-us/HT209195
Trust: 1.6
title:About the security content of iTunes 12.9.1url:https://support.apple.com/en-us/HT209197
Trust: 0.8
title: About the security content of iCloud for Windows 7.8 url:https://support.apple.com/en-us/HT209198
Trust: 0.8
title:About the security content of Safari 12.0.1url:https://support.apple.com/en-us/HT209196
Trust: 0.8
title:HT209192url:https://support.apple.com/ja-jp/HT209192
Trust: 0.8
title:HT209193url:https://support.apple.com/ja-jp/HT209193
Trust: 0.8
title:HT209194url:https://support.apple.com/ja-jp/HT209194
Trust: 0.8
title:HT209195url:https://support.apple.com/ja-jp/HT209195
Trust: 0.8
title:Multiple Apple product Kernel Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86500
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014861 // 
            
            
            
            CNNVD: CNNVD-201810-1522

EXTERNAL IDS
db:NVDid:CVE-2018-4420
Trust: 2.8
db:JVNid:JVNVU96365720
Trust: 1.6
db:JVNDBid:JVNDB-2018-008908
Trust: 0.8
db:JVNDBid:JVNDB-2018-014861
Trust: 0.8
db:CNNVDid:CNNVD-201810-1522
Trust: 0.7
db:VULHUBid:VHN-134451
Trust: 0.1
db:VULMONid:CVE-2018-4420
Trust: 0.1
db:PACKETSTORMid:150105
Trust: 0.1
db:PACKETSTORMid:150107
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134451 // 
            
            
            
            VULMON: CVE-2018-4420 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014861 // 
            
            
            
            PACKETSTORM: 150105 // 
            
            
            
            PACKETSTORM: 150107 // 
            
            
            
            CNNVD: CNNVD-201810-1522 // 
            
            
            
            NVD: CVE-2018-4420

REFERENCES
url:https://support.apple.com/kb/ht209192
Trust: 1.8
url:https://support.apple.com/kb/ht209193
Trust: 1.8
url:https://support.apple.com/kb/ht209194
Trust: 1.8
url:https://support.apple.com/kb/ht209195
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4420
Trust: 1.6
url:https://jvn.jp/vu/jvnvu96365720/
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4420
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96365720/index.html
Trust: 0.8
url:https://support.apple.com/kb/ht201222
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4398
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4371
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4369
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4394
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4372
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4419
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4413
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4378
Trust: 0.2
url:https://www.apple.com/support/security/pgp/
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4382
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4386
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4392
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4416
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4368
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://seclists.org/bugtraq/2018/oct/49
Trust: 0.1
url:https://support.apple.com/kb/ht204641
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4400
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4377
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4375
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4384
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4376
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4373
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4374
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4409
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134451 // 
            
            
            
            VULMON: CVE-2018-4420 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014861 // 
            
            
            
            PACKETSTORM: 150105 // 
            
            
            
            PACKETSTORM: 150107 // 
            
            
            
            CNNVD: CNNVD-201810-1522 // 
            
            
            
            NVD: CVE-2018-4420

CREDITS
Mohamed Ghannam (@_simo36)
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201810-1522

SOURCES
db:VULHUBid:VHN-134451
db:VULMONid:CVE-2018-4420
db:JVNDBid:JVNDB-2018-008908
db:JVNDBid:JVNDB-2018-014861
db:PACKETSTORMid:150105
db:PACKETSTORMid:150107
db:CNNVDid:CNNVD-201810-1522
db:NVDid:CVE-2018-4420

LAST UPDATE DATE
2024-11-23T19:39:25.583000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134451date:2019-04-05T00:00:00
db:VULMONid:CVE-2018-4420date:2019-04-05T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-014861date:2019-04-17T00:00:00
db:CNNVDid:CNNVD-201810-1522date:2019-04-10T00:00:00
db:NVDid:CVE-2018-4420date:2024-11-21T04:07:22.740

SOURCES RELEASE DATE
db:VULHUBid:VHN-134451date:2019-04-03T00:00:00
db:VULMONid:CVE-2018-4420date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-014861date:2019-04-17T00:00:00
db:PACKETSTORMid:150105date:2018-10-31T15:49:11
db:PACKETSTORMid:150107date:2018-10-31T15:49:54
db:CNNVDid:CNNVD-201810-1522date:2018-10-31T00:00:00
db:NVDid:CVE-2018-4420date:2019-04-03T18:29:14.847