Details of VAR-201904-1475

ID

VAR-201904-1475

CVE

CVE-2018-4361

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-008148

DESCRIPTION

A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * Arbitrary code execution * Script execution * information leak * Access restriction avoidance. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A resource management error vulnerability exists in the WebKit component of several Apple products. An attacker could exploit this vulnerability to cause an assertion failure (memory consumption). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-9-24-6 Additional information for APPLE-SA-2018-9-17-3 tvOS 12 tvOS 12 addresses the following: Auto Unlock Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Entry added September 24, 2018 Bluetooth Available for: Apple TV (4th generation) Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham iTunes Store Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) Entry added September 24, 2018 Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. CVE-2018-4363: Ian Beer of Google Project Zero Safari Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4197: Ivan Fratric of Google Project Zero CVE-2018-4306: Ivan Fratric of Google Project Zero CVE-2018-4312: Ivan Fratric of Google Project Zero CVE-2018-4314: Ivan Fratric of Google Project Zero CVE-2018-4315: Ivan Fratric of Google Project Zero CVE-2018-4317: Ivan Fratric of Google Project Zero CVE-2018-4318: Ivan Fratric of Google Project Zero Entry added September 24, 2018 WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious website may exfiltrate image data cross-origin Description: A cross-site scripting issue existed in Safari. CVE-2018-4345: an anonymous researcher Entry added September 24, 2018 WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4191: found by OSS-Fuzz Entry added September 24, 2018 WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team Entry added September 24, 2018 WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo) Entry added September 24, 2018 WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative Entry added September 24, 2018 WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by Google OSS-Fuzz Entry added September 24, 2018 Additional recognition Assets We would like to acknowledge Brandon Azad for their assistance. Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Sandbox Profiles We would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance. SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, and Zach Malone of CA Technologies for their assistance. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlupFUMACgkQeC9tht7T K3H35Q//UwJyTZpRVx33z/T3GxYfFX9dxg2fwdkVFxCGWR/yGCL/pMwNH/UwerQH qcdzG3VopySXXJy/goEJD+w+f8QNtueysfE7+MrYvogVD1OVALDc0xaZvudKmSoo d0APBDtlkkLn4evwwpIYfl6Ikje/j40ZOfzSZ8+9hsoq6b+tkhSo8UC+hphUBi4L lMshXi5OmekimBWgGdPGN77UQoFAJriMQHLppQ4x46qHuiMSAKHeCz+AdL4Xk1dh fzdbizI4p7CssUzJHOPU61NPB28AoPsVJ8yEQpKDvHcnkPxtgtAzoIBWl0MwUCXg OaT+8poN/HsMVJYtM2vi322IJGfMtcWtU/TJ1TbhAih6Bal2paIEj4zBirEXc9sF dQyWB+EB8h+g4MtXyo6ax7OyO3UmRsISyCQhCNKWhXjTt4/9Q6xMbGxfW6X7EtHN mgM/74rqkM53Tfy3kqywBDi90v4aNMUGdbYcK3YJldayW++K2J6OtxZZmflfYkbU GTnAaEFIa0dLX/e+uqGRtz2F0K8mr9/9VwiwrH3et2FALvU6RyFLX7jqnKFyGpUp LdXH6Mz6xBYS7Rg2vKVjUsHXlutpknmDxyx8Orirgb2gNHN97w8GDCnmOAd2euoL HZdlwhs4SLaLqyNegbG3y3MD7gK8oRTZx3tXeJRmYV6UGp+d9QI= =pj7d -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About". CVE-2018-4329: Hugo S. CVE-2018-4195: xisigr of Tencent's Xuanwu Lab (www.tencent.com) Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. Installation note: Safari 12 may be obtained from the Mac App Store

Trust: 2.43

sources: NVD: CVE-2018-4361 // JVNDB: JVNDB-2018-008148 // VULHUB: VHN-134392 // VULMON: CVE-2018-4361 // PACKETSTORM: 150115 // PACKETSTORM: 149516 // PACKETSTORM: 150114 // PACKETSTORM: 149511 // PACKETSTORM: 149515 // PACKETSTORM: 149513 // PACKETSTORM: 149722

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lt	version:	12	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	5.0	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.7	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	12.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.9	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	12	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.7 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.0.1 earlier	Trust: 0.8

sources: JVNDB: JVNDB-2018-008148 // NVD: CVE-2018-4361

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4361
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201809-1165
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134392
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-4361
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4361
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-134392
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4361
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-134392 // VULMON: CVE-2018-4361 // CNNVD: CNNVD-201809-1165 // NVD: CVE-2018-4361

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-399	Trust: 0.1

sources: VULHUB: VHN-134392 // NVD: CVE-2018-4361

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1165

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201809-1165

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008148

PATCH

title:	About the security content of iCloud for Windows 7.7	url:	https://support.apple.com/en-us/HT209141	Trust: 0.8
title:	About the security content of iOS 12.0.1	url:	https://support.apple.com/en-us/HT209162	Trust: 0.8
title:	Multiple Apple product WebKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85199	Trust: 0.6
title:	Ubuntu Security Notice: webkit2gtk vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3781-1	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/apple-releases-security-updates-for-ios-and-icloud-fixes-passcode-bypass/	Trust: 0.1

sources: VULMON: CVE-2018-4361 // CNNVD: CNNVD-201809-1165 // JVNDB: JVNDB-2018-008148

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4361	Trust: 2.5
db:	JVN	id:	JVNVU92800088	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-008148	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-1165	Trust: 0.7
db:	VULHUB	id:	VHN-134392	Trust: 0.1
db:	VULMON	id:	CVE-2018-4361	Trust: 0.1
db:	PACKETSTORM	id:	150115	Trust: 0.1
db:	PACKETSTORM	id:	149516	Trust: 0.1
db:	PACKETSTORM	id:	150114	Trust: 0.1
db:	PACKETSTORM	id:	149511	Trust: 0.1
db:	PACKETSTORM	id:	149515	Trust: 0.1
db:	PACKETSTORM	id:	149513	Trust: 0.1
db:	PACKETSTORM	id:	149722	Trust: 0.1

sources: VULHUB: VHN-134392 // VULMON: CVE-2018-4361 // PACKETSTORM: 150115 // PACKETSTORM: 149516 // PACKETSTORM: 150114 // PACKETSTORM: 149511 // PACKETSTORM: 149515 // PACKETSTORM: 149513 // PACKETSTORM: 149722 // CNNVD: CNNVD-201809-1165 // JVNDB: JVNDB-2018-008148 // NVD: CVE-2018-4361

REFERENCES

url:	https://support.apple.com/ht209106	Trust: 1.8
url:	https://support.apple.com/ht209107	Trust: 1.8
url:	https://support.apple.com/ht209108	Trust: 1.8
url:	https://support.apple.com/ht209109	Trust: 1.8
url:	https://support.apple.com/ht209140	Trust: 1.8
url:	https://support.apple.com/ht209141	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4361	Trust: 1.3
url:	http://jvn.jp/cert/jvnvu92800088	Trust: 0.8
url:	https://support.apple.com/kb/ht201222	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4191	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4359	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4358	Trust: 0.7
url:	https://www.apple.com/support/security/pgp/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4299	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4323	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4319	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4318	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4309	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4311	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4315	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4197	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4345	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4316	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4317	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4306	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4312	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4328	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4314	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4360	Trust: 0.3
url:	https://support.apple.com/ht204283	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4412	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4414	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4126	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4347	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4336	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4305	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4344	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4313	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1777	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4363	Trust: 0.2
url:	https://www.apple.com/itunes/download/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://seclists.org/fulldisclosure/2018/sep/45	Trust: 0.1
url:	https://usn.ubuntu.com/3781-1/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5383	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4321	Trust: 0.1
url:	https://support.apple.com/kb/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4307	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4195	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4329	Trust: 0.1
url:	https://www.tencent.com)	Trust: 0.1

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 150115 // PACKETSTORM: 149516 // PACKETSTORM: 150114 // PACKETSTORM: 149511 // PACKETSTORM: 149515 // PACKETSTORM: 149513 // PACKETSTORM: 149722

SOURCES

db:	VULHUB	id:	VHN-134392
db:	VULMON	id:	CVE-2018-4361
db:	PACKETSTORM	id:	150115
db:	PACKETSTORM	id:	149516
db:	PACKETSTORM	id:	150114
db:	PACKETSTORM	id:	149511
db:	PACKETSTORM	id:	149515
db:	PACKETSTORM	id:	149513
db:	PACKETSTORM	id:	149722
db:	CNNVD	id:	CNNVD-201809-1165
db:	JVNDB	id:	JVNDB-2018-008148
db:	NVD	id:	CVE-2018-4361

LAST UPDATE DATE

2026-03-29T21:19:23.384000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134392	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2018-4361	date:	2019-10-03T00:00:00
db:	CNNVD	id:	CNNVD-201809-1165	date:	2019-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-008148	date:	2018-10-10T00:00:00
db:	NVD	id:	CVE-2018-4361	date:	2024-11-21T04:07:15.960

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134392	date:	2019-04-03T00:00:00
db:	VULMON	id:	CVE-2018-4361	date:	2019-04-03T00:00:00
db:	PACKETSTORM	id:	150115	date:	2018-10-31T16:10:39
db:	PACKETSTORM	id:	149516	date:	2018-09-25T16:32:23
db:	PACKETSTORM	id:	150114	date:	2018-10-31T16:10:29
db:	PACKETSTORM	id:	149511	date:	2018-09-25T16:20:49
db:	PACKETSTORM	id:	149515	date:	2018-09-25T16:31:15
db:	PACKETSTORM	id:	149513	date:	2018-09-25T16:25:47
db:	PACKETSTORM	id:	149722	date:	2018-10-09T16:58:43
db:	CNNVD	id:	CNNVD-201809-1165	date:	2018-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-008148	date:	2018-10-10T00:00:00
db:	NVD	id:	CVE-2018-4361	date:	2019-04-03T18:29:10.393