VARIoT IoT vulnerabilities database


VAR-201904-1444 CVE-2018-4392 Updates for vulnerabilities in multiple Apple products
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Apple has released an update for each product. The expected impact depends on each vulnerability and may include the following; see the information provided by Apple for details:
* Attack on an AFP server through an HTTP client
* Arbitrary code execution
* Information leak
* Buffer overflow
* Privilege escalation
* Service operation interruption (DoS)
* File system tampering
* UI spoofing
* Restriction bypass
* Cross-site scripting
* Address bar spoofing
Multiple Apple products contain multiple memory corruption vulnerabilities due to flaws in memory handling. Information may be obtained or altered, and service operation may be disrupted (DoS). Apple Safari, etc. are all products of Apple. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A buffer error vulnerability exists in the WebKit component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. Alternatively, on your watch, select "My Watch > General > About".
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 12.1 iOS 12.1 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4365: an anonymous researcher CoreCrypto Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to leak memory Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4366: Natalie Silvanovich of Google Project Zero FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. 
CVE-2018-4367: Natalie Silvanovich of Google Project Zero Graphics Driver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero ICU Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4427: Pangu Team IPSec Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. 
CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4419: Mohamed Ghannam (@_simo36) Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter CVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter NetworkExtension Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to share items from the lock screen Description: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. CVE-2018-4388: videosdebarraquito Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. 
CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. VoiceOver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to view photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. CVE-2018-4387: videosdebarraquito WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2018-4385: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. 
CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Certificate Signing We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. iBooks We would like to acknowledge Sem Voigtländer of Fontys Hogeschool ICT for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 ------------------------------------------------------------------------ Date reported : November 21, 2018 Advisory ID : WSA-2018-0008 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0008.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0008.html CVE identifiers : CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, CVE-2018-4416. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4345 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to an anonymous researcher. A cross-site scripting issue existed in WebKit.
This issue was addressed with improved URL validation. CVE-2018-4372 Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before 2.22.2. Credit to HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4373 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4375 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4376 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to 010 working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4378 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to an anonymous researcher, zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to code execution. CVE-2018-4382 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4386 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4392 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4416 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, November 21, 2018
VAR-201904-1432 CVE-2018-4377 Updates for vulnerabilities in multiple Apple products
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Apple has released an update for each product. The expected impact depends on each vulnerability and may include the following; see the information provided by Apple for details:
* Attack on an AFP server through an HTTP client
* Arbitrary code execution
* Information leak
* Buffer overflow
* Privilege escalation
* Service operation interruption (DoS)
* File system tampering
* UI spoofing
* Restriction bypass
* Cross-site scripting
* Address bar spoofing
Multiple Apple products contain a cross-site scripting vulnerability due to inadequate URL validation. Information may be obtained and altered. Apple Safari, etc. are all products of Apple. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Safari Reader is one of the browser's built-in reader components. A security vulnerability exists in the Safari Reader component of several Apple products. A remote attacker could use a specially crafted webpage to exploit this vulnerability to carry out a cross-site scripting attack. Alternatively, on your watch, select "My Watch > General > About". CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team Installation note: Safari 12.0.1 may be obtained from the Mac App Store.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 12.1 iOS 12.1 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation.
CVE-2018-4384: Natalie Silvanovich of Google Project Zero Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4365: an anonymous researcher CoreCrypto Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to leak memory Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4366: Natalie Silvanovich of Google Project Zero FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4367: Natalie Silvanovich of Google Project Zero Graphics Driver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. 
CVE-2018-4384: Natalie Silvanovich of Google Project Zero ICU Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4427: Pangu Team IPSec Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2018-4419: Mohamed Ghannam (@_simo36) Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter CVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter NetworkExtension Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to share items from the lock screen Description: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. CVE-2018-4388: videosdebarraquito Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. 
CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. VoiceOver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to view photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. CVE-2018-4387: videosdebarraquito WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2018-4385: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. 
CVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea CVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative CVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative CVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative CVE-2018-4382: lokihardt of Google Project Zero CVE-2018-4386: lokihardt of Google Project Zero CVE-2018-4392: zhunki of 360 ESG Codesafe Team CVE-2018-4416: lokihardt of Google Project Zero WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to cause a denial of service Description: A resource exhaustion issue was addressed with improved input validation. CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Certificate Signing We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. CommonCrypto We would like to acknowledge an anonymous researcher for their assistance. iBooks We would like to acknowledge Sem Voigtländer of Fontys Hogeschool ICT for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance.
Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1". 
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201904-1440 CVE-2018-4386 Updates for vulnerabilities in multiple Apple products

Related entries in the VARIoT exploits database: VAR-E-201811-0193
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Apple has released an update for each product. The expected impact depends on each vulnerability and may include the following; see the information provided by Apple for details:
* Attack on an AFP server through an HTTP client
* Arbitrary code execution
* Information leak
* Buffer overflow
* Privilege escalation
* Service operation interruption (DoS)
* File system tampering
* UI spoofing
* Restriction bypass
* Cross-site scripting
* Address bar spoofing
Apple Safari, etc. are all products of Apple. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A buffer error vulnerability exists in the WebKit component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. Alternatively, on your watch, select "My Watch > General > About". CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team Installation note: Safari 12.0.1 may be obtained from the Mac App Store.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 12.1 iOS 12.1 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4365: an anonymous researcher CoreCrypto Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to leak memory Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4366: Natalie Silvanovich of Google Project Zero FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. 
CVE-2018-4367: Natalie Silvanovich of Google Project Zero Graphics Driver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero ICU Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4427: Pangu Team IPSec Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. 
CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4419: Mohamed Ghannam (@_simo36) Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter CVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter NetworkExtension Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to share items from the lock screen Description: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. CVE-2018-4388: videosdebarraquito Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. 
CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. VoiceOver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to view photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. CVE-2018-4387: videosdebarraquito WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2018-4385: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. 
CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Certificate Signing We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. iBooks We would like to acknowledge Sem Voigtländer of Fontys Hogeschool ICT for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 ------------------------------------------------------------------------ Date reported : November 21, 2018 Advisory ID : WSA-2018-0008 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0008.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0008.html CVE identifiers : CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, CVE-2018-4416. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4345 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to an anonymous researcher. A cross-site scripting issue existed in WebKit.
This issue was addressed with improved URL validation. CVE-2018-4372 Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before 2.22.2. Credit to HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4373 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4375 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to Yu Haiwan and Wu Hongjun from Nanyang Technological University working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4376 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to 010 working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4378 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to an anonymous researcher, zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to code execution. CVE-2018-4382 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4386 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4392 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4416 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, November 21, 2018
VAR-201904-1431 CVE-2018-4376 plural Apple Updates to product vulnerabilities CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Apple has released an update for each product. The expected impact depends on each vulnerability; see the information provided by Apple for details. Possible impacts include: * Attack on an AFP server through an HTTP client * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CSS counters. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple iOS and the other affected software are all Apple products. Apple iOS is an operating system developed for mobile devices. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. Alternatively, on your watch, select "My Watch > General > About". CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team. Installation note: Safari 12.0.1 may be obtained from the Mac App Store.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 12.1 iOS 12.1 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4365: an anonymous researcher CoreCrypto Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to leak memory Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4366: Natalie Silvanovich of Google Project Zero FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. 
CVE-2018-4367: Natalie Silvanovich of Google Project Zero Graphics Driver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero ICU Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4427: Pangu Team IPSec Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. 
CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4419: Mohamed Ghannam (@_simo36) Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter CVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter NetworkExtension Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to share items from the lock screen Description: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. CVE-2018-4388: videosdebarraquito Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. 
CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. VoiceOver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to view photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. CVE-2018-4387: videosdebarraquito WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2018-4385: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. 
CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Certificate Signing We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. iBooks We would like to acknowledge Sem Voigtländer of Fontys Hogeschool ICT for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 ------------------------------------------------------------------------ Date reported : November 21, 2018 Advisory ID : WSA-2018-0008 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0008.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0008.html CVE identifiers : CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, CVE-2018-4416. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4345 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to an anonymous researcher. A cross-site scripting issue existed in WebKit.
This issue was addressed with improved URL validation. CVE-2018-4372 Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before 2.22.2. Credit to HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4373 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4375 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to Yu Haiwan and Wu Hongjun from Nanyang Technological University working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4376 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to 010 working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4378 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to an anonymous researcher, zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to code execution. CVE-2018-4382 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4386 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4392 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4416 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, November 21, 2018
VAR-201904-1436 CVE-2018-4382 plural Apple Updates to product vulnerabilities CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Apple has released an update for each product. The expected impact depends on each vulnerability; see the information provided by Apple for details. Possible impacts include: * Attack on an AFP server through an HTTP client * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple Safari and the other affected software are all Apple products. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A buffer error vulnerability exists in the WebKit component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. Alternatively, on your watch, select "My Watch > General > About". CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team. Installation note: Safari 12.0.1 may be obtained from the Mac App Store.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 12.1 iOS 12.1 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4365: an anonymous researcher CoreCrypto Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to leak memory Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4366: Natalie Silvanovich of Google Project Zero FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. 
CVE-2018-4367: Natalie Silvanovich of Google Project Zero Graphics Driver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero ICU Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4427: Pangu Team IPSec Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. 
CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4419: Mohamed Ghannam (@_simo36) Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter CVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter NetworkExtension Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to share items from the lock screen Description: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. CVE-2018-4388: videosdebarraquito Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. 
CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. VoiceOver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to view photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. CVE-2018-4387: videosdebarraquito WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2018-4385: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. 
CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Certificate Signing We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. iBooks We would like to acknowledge Sem Voigtländer of Fontys Hogeschool ICT for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ . ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 ------------------------------------------------------------------------ Date reported : November 21, 2018 Advisory ID : WSA-2018-0008 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0008.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0008.html CVE identifiers : CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, CVE-2018-4416. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4345 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to an anonymous researcher. A cross-site scripting issue existed in WebKit.
This issue was addressed with improved URL validation. CVE-2018-4372 Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before 2.22.2. Credit to HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4373 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4375 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4376 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to 010 working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4378 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to an anonymous researcher, zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to code execution. CVE-2018-4382 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4386 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4392 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4416 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, November 21, 2018
VAR-201904-1430 CVE-2018-4375 Updates for vulnerabilities in multiple Apple products CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following (see the information provided by Apple for details): * AFP server attack through an HTTP client * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Service disruption (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FrameLoader objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple iOS and the other affected products are all products of Apple. Apple iOS is an operating system developed for mobile devices. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. Alternatively, on your watch, select "My Watch > General > About". CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team Installation note: Safari 12.0.1 may be obtained from the Mac App Store.
------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 ------------------------------------------------------------------------ Date reported : November 21, 2018 Advisory ID : WSA-2018-0008 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0008.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0008.html CVE identifiers : CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, CVE-2018-4416. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4345 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to an anonymous researcher. A cross-site scripting issue existed in WebKit. This issue was addressed with improved URL validation. CVE-2018-4372 Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before 2.22.2. Credit to HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4373 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4375 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4376 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to 010 working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4378 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0.
Credit to an anonymous researcher, zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to code execution. CVE-2018-4382 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4386 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4392 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4416 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, November 21, 2018 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 12.1 iOS 12.1 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. 
CVE-2018-4384: Natalie Silvanovich of Google Project Zero Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4365: an anonymous researcher CoreCrypto Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to leak memory Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4366: Natalie Silvanovich of Google Project Zero FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4367: Natalie Silvanovich of Google Project Zero Graphics Driver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. 
CVE-2018-4384: Natalie Silvanovich of Google Project Zero ICU Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4427: Pangu Team IPSec Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2018-4419: Mohamed Ghannam (@_simo36) Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter CVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter NetworkExtension Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to share items from the lock screen Description: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. CVE-2018-4388: videosdebarraquito Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. 
CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. VoiceOver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to view photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. CVE-2018-4387: videosdebarraquito WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2018-4385: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. 
CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Certificate Signing We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. iBooks We would like to acknowledge Sem Voigtländer of Fontys Hogeschool ICT for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201904-1433 CVE-2018-4378 Memory corruption vulnerability in multiple Apple products CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Multiple Apple products have a memory corruption vulnerability due to a lack of validation. Memory may be corrupted. Apple Safari and the other affected products are all products of Apple. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A buffer error vulnerability exists in the WebKit component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. Alternatively, on your watch, select "My Watch > General > About". CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team Installation note: Safari 12.0.1 may be obtained from the Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 ------------------------------------------------------------------------ Date reported : November 21, 2018 Advisory ID : WSA-2018-0008 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0008.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0008.html CVE identifiers : CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, CVE-2018-4416.
Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4345 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to an anonymous researcher. A cross-site scripting issue existed in WebKit. CVE-2018-4372 Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before 2.22.2. Credit to HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4373 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4375 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4376 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to 010 working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4378 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to an anonymous researcher, zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to code execution. CVE-2018-4382 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4386 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4392 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4416 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, November 21, 2018 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 12.1 iOS 12.1 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4365: an anonymous researcher CoreCrypto Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. 
CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to leak memory Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4366: Natalie Silvanovich of Google Project Zero FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4367: Natalie Silvanovich of Google Project Zero Graphics Driver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero ICU Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4427: Pangu Team IPSec Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. 
CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4419: Mohamed Ghannam (@_simo36) Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter CVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter NetworkExtension Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to share items from the lock screen Description: A lock screen issue allowed access to the share function on a locked device. 
This issue was addressed by restricting options offered on a locked device. CVE-2018-4388: videosdebarraquito Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. VoiceOver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to view photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. CVE-2018-4387: videosdebarraquito WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2018-4385: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. 
CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Certificate Signing We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. iBooks We would like to acknowledge Sem Voigtländer of Fontys Hogeschool ICT for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates.
You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201904-1387 CVE-2018-4427 Updates for vulnerabilities in multiple Apple products CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to: iOS 12.1, watchOS 5.1.2, tvOS 12.1.1, macOS High Sierra 10.13.6 Security Update 2018-003 High Sierra, macOS Sierra 10.12.6 Security Update 2018-006. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following; see the information provided by Apple for details. * AFP server attack through an HTTP client * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. Multiple Apple products have a memory corruption vulnerability due to incomplete memory handling. Information may be obtained or altered, and service operation may be disrupted (DoS). Apple iOS is an operating system developed by Apple for mobile devices. IOHIDFamily is a kernel extension component (an abstract interface for human interface devices). A security vulnerability exists in the IOHIDFamily component in Apple iOS versions prior to 12.1. An attacker could exploit this vulnerability to execute arbitrary code with kernel privileges. CVE-2018-4462: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team Carbon Core Available for: macOS Mojave 10.14.1 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4463: Maksymilian Arciemowicz (cxsecurity.com) Disk Images Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4465: Pangu Team Intel Graphics Driver Available for: macOS Mojave 10.14.1 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4434: Zhuo Liang of Qihoo 360 Nirvan Team IOHIDFamily Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4427: Pangu Team Kernel Available for: macOS Mojave 10.14.1 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed by removing the vulnerable code. CVE-2018-4460: Kevin Backhouse of Semmle Security Research Team Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.1 Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4431: An independent security researcher has reported this vulnerability to Beyond Security's SecuriTeam Secure Disclosure program Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4435: Jann Horn of Google Project Zero, Juwei Lin(@panicaII) and Junzhi Lu of TrendMicro Mobile Security Team Kernel Available for: macOS Mojave 10.14.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. 
CVE-2018-4461: Ian Beer of Google Project Zero WindowServer Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.1 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4449: Hanqing Zhao, Yufeng Ruan and Kun Yang of Chaitin Security Research Lab CVE-2018-4450: Hanqing Zhao, Yufeng Ruan and Kun Yang of Chaitin Security Research Lab Additional recognition LibreSSL We would like to acknowledge Keegan Ryan of NCC Group for their assistance. NetAuth We would like to acknowledge Vladimir Ivanov of Digital Security for their assistance. Simple certificate enrollment protocol (SCEP) We would like to acknowledge Tim Cappalli of Aruba and a Hewlett Packard Enterprise company for their assistance. Installation note: macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201904-1384 CVE-2018-4424 Updates for vulnerabilities in multiple Apple products CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
A buffer overflow was addressed with improved size validation. This issue affected versions prior to macOS Mojave 10.14.1. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following; see the information provided by Apple for details. * AFP server attack through an HTTP client * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. macOS Mojave contains a buffer overflow vulnerability due to a flaw in the size validation process. Information may be obtained or altered, and service operation may be disrupted (DoS). Apple macOS Mojave is a dedicated operating system developed by Apple for Mac computers. Kernel is one of the kernel components. A buffer error vulnerability exists in the Kernel component of Apple macOS Mojave prior to 10.14.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
VAR-201904-1383 CVE-2018-4423 Updates for vulnerabilities in multiple Apple products CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following; see the information provided by Apple for details. * AFP server attack through an HTTP client * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. macOS Mojave contains a logic vulnerability due to a lack of validation processing. Information may be obtained or altered, and service operation may be disrupted (DoS). Apple macOS Mojave is a dedicated operating system developed by Apple for Mac computers. dyld is one of the cache file components. An input validation error vulnerability exists in the dyld component of Apple macOS Mojave prior to 10.14.1. The vulnerability stems from the failure of the network system or product to properly validate the input data.
VAR-201904-1382 CVE-2018-4422 Updates for vulnerabilities in multiple Apple products CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following; see the information provided by Apple for details. * AFP server attack through an HTTP client * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. macOS Mojave contains a memory corruption vulnerability due to a flaw in memory handling. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the IOFramebufferUserClient IOKit user client. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code as the kernel. Apple macOS Mojave is a dedicated operating system developed by Apple for Mac computers. IOGraphics is one of the input and output graphics components. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
VAR-201904-1379 CVE-2018-4419 Updates for vulnerabilities in multiple Apple products CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following; see the information provided by Apple for details. * AFP server attack through an HTTP client * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. Apple iOS and the other products listed are all products of Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. Kernels in several Apple products have security vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-4 watchOS 5.1 watchOS 5.1 is now available and addresses the following: AppleAVD Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero CoreCrypto Available for: Apple Watch Series 1 and later Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.
CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum ICU Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher IPSec Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4419: Mohamed Ghannam (@_simo36) NetworkExtension Available for: Apple Watch Series 1 and later Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Safari Reader Available for: Apple Watch Series 1 and later Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. 
CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: Apple Watch Series 1 and later Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea CVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative CVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative CVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative CVE-2018-4382: lokihardt of Google Project Zero CVE-2018-4386: lokihardt of Google Project Zero CVE-2018-4392: zhunki of 360 ESG Codesafe Team CVE-2018-4416: lokihardt of Google Project Zero WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. 
CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Certificate Signing We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201904-1375 CVE-2018-4415 Updates for vulnerabilities in multiple Apple products CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following; see the information provided by Apple for details. * AFP server attack through an HTTP client * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. Apple macOS Mojave is a dedicated operating system developed by Apple for Mac computers. CoreAnimation is one of the animation processing API components. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
VAR-201904-1380 CVE-2018-4420 Updates for vulnerabilities in multiple Apple products CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
A memory corruption issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following; see the information provided by Apple for details. * AFP server attack through an HTTP client * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. Multiple Apple products contain vulnerable code that leads to a memory corruption vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Apple iOS and the other products listed are all products of Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. A buffer error vulnerability exists in the Kernel component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-4 watchOS 5.1 watchOS 5.1 is now available and addresses the following: AppleAVD Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation.
CVE-2018-4384: Natalie Silvanovich of Google Project Zero CoreCrypto Available for: Apple Watch Series 1 and later Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum ICU Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher IPSec Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2018-4419: Mohamed Ghannam (@_simo36) NetworkExtension Available for: Apple Watch Series 1 and later Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Safari Reader Available for: Apple Watch Series 1 and later Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: Apple Watch Series 1 and later Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. 
CVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea CVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative CVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative CVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative CVE-2018-4382: lokihardt of Google Project Zero CVE-2018-4386: lokihardt of Google Project Zero CVE-2018-4392: zhunki of 360 ESG Codesafe Team CVE-2018-4416: lokihardt of Google Project Zero WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Certificate Signing We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201904-1368 CVE-2018-4408 plural Apple Memory corruption vulnerability in products CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Multiple Apple products have a memory corruption vulnerability due to incomplete processing related to input validation. Memory may be corrupted. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following (see the information provided by Apple for details): * Attacks on AFP servers through HTTP clients * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Denial of service (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. Apple iOS and the other affected software are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. IOHIDFamily is a kernel extension component (an abstract interface for human interface devices). A buffer error vulnerability exists in the IOHIDFamily component in several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
VAR-201904-1373 CVE-2018-4413 plural Apple Updates to product vulnerabilities CVSS V2: 7.1
CVSS V3: 5.5
Severity: MEDIUM
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following (see the information provided by Apple for details): * Attacks on AFP servers through HTTP clients * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Denial of service (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the sysctl_procargsx system call. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges in the context of the kernel. Apple iOS and the other affected software are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. A buffer error vulnerability exists in the Kernel component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. Alternatively, on your watch, select "My Watch > General > About".
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 12.1 iOS 12.1 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4365: an anonymous researcher CoreCrypto Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to leak memory Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4366: Natalie Silvanovich of Google Project Zero FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. 
CVE-2018-4367: Natalie Silvanovich of Google Project Zero Graphics Driver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero ICU Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4427: Pangu Team IPSec Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. 
CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4419: Mohamed Ghannam (@_simo36) Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter CVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter NetworkExtension Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to share items from the lock screen Description: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. CVE-2018-4388: videosdebarraquito Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. 
CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. VoiceOver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to view photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. CVE-2018-4387: videosdebarraquito WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2018-4385: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. 
CVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea CVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative CVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative CVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative CVE-2018-4382: lokihardt of Google Project Zero CVE-2018-4386: lokihardt of Google Project Zero CVE-2018-4392: zhunki of 360 ESG Codesafe Team CVE-2018-4416: lokihardt of Google Project Zero WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to cause a denial of service Description: A resource exhaustion issue was addressed with improved input validation. CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Certificate Signing We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. CommonCrypto We would like to acknowledge an anonymous researcher for their assistance. iBooks We would like to acknowledge Sem Voigtländer of Fontys Hogeschool ICT for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance.
Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1". 
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201904-1369 CVE-2018-4409 plural Apple Product validation vulnerability CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Multiple Apple products have a resource validation flaw due to flaws in processing related to input validation. A denial of service (DoS) condition may result. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following (see the information provided by Apple for details): * Attacks on AFP servers through HTTP clients * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Denial of service (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. Apple Safari and the other affected software are products of Apple. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A resource management error vulnerability exists in the WebKit component of several Apple products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team Installation note: Safari 12.0.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 12.1 iOS 12.1 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation.
CVE-2018-4384: Natalie Silvanovich of Google Project Zero Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4365: an anonymous researcher CoreCrypto Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to leak memory Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4366: Natalie Silvanovich of Google Project Zero FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4367: Natalie Silvanovich of Google Project Zero Graphics Driver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. 
CVE-2018-4384: Natalie Silvanovich of Google Project Zero ICU Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4427: Pangu Team IPSec Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2018-4419: Mohamed Ghannam (@_simo36) Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter CVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter NetworkExtension Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to share items from the lock screen Description: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. CVE-2018-4388: videosdebarraquito Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. 
CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. VoiceOver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to view photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. CVE-2018-4387: videosdebarraquito WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2018-4385: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. 
CVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea CVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative CVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative CVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative CVE-2018-4382: lokihardt of Google Project Zero CVE-2018-4386: lokihardt of Google Project Zero CVE-2018-4392: zhunki of 360 ESG Codesafe Team CVE-2018-4416: lokihardt of Google Project Zero WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to cause a denial of service Description: A resource exhaustion issue was addressed with improved input validation. CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Certificate Signing We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. CommonCrypto We would like to acknowledge an anonymous researcher for their assistance. iBooks We would like to acknowledge Sem Voigtländer of Fontys Hogeschool ICT for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance.
Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1". 
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201904-1359 CVE-2018-4291 plural Apple Updates to product vulnerabilities CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following (see the information provided by Apple for details): * Attacks on AFP servers through HTTP clients * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Denial of service (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. Kernel is one of the kernel components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A remote attacker may be able to attack AFP servers through HTTP clients Description: An input validation issue was addressed with improved input validation. CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC Berkeley AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4410: an anonymous researcher working with Trend Micro's Zero Day Initiative AppleGraphicsControl Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.
CVE-2018-4417: Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative APR Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2017-12613: Craig Young of Tripwire VERT CVE-2017-12618: Craig Young of Tripwire VERT ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4308: Mohamed Ghannam (@_simo36) CFNetwork Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative CoreAnimation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4415: Liang Zhuo working with Beyond Security's SecuriTeam Secure Disclosure CoreCrypto Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. 
This issue was addressed by using pseudorandom bases for testing of primes. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum CoreFoundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content Description: An injection issue was addressed with improved validation. CVE-2018-4153: Michael Hanselmann of hansmi.ch CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4406: Michael Hanselmann of hansmi.ch Dictionary Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information Description: A validation issue existed which allowed local file access. This was addressed with input sanitization. CVE-2018-4346: Wojciech Reguła (@_r3ggi) of SecuRing Dock Available for: macOS Mojave 10.14 Impact: A malicious application may be able to access restricted files Description: This issue was addressed by removing additional entitlements.
CVE-2018-4423: an anonymous researcher EFI Available for: macOS High Sierra 10.13.6 Impact: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel. CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC) EFI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A local user may be able to modify protected parts of the file system Description: A configuration issue was addressed with additional restrictions. CVE-2018-4342: Timothy Perfitt of Twocanoes Software Foundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Grand Central Dispatch Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Heimdal Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2018-4331: Brandon Azad Hypervisor Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis Description: An information disclosure issue was addressed by flushing the L1 data cache at the virtual machine entry. CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide Hypervisor Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team ICU Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher Intel Graphics Driver Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4334: Ian Beer of Google Project Zero Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. 
CVE-2018-4396: Yu Wang of Didi Research America CVE-2018-4418: Yu Wang of Didi Research America Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4350: Yu Wang of Didi Research America IOGraphics Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4422: an anonymous researcher working with Trend Micro's Zero Day Initiative IOHIDFamily Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4402: Proteas of Qihoo 360 Nirvan Team IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero IOUserEthernet Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2018-4401: Apple IPSec Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: macOS High Sierra 10.13.6 Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2018-4399: Fabiano Anemone (@anoane) Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4419: Mohamed Ghannam (@_simo36) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Kernel Available for: macOS Sierra 10.12.6 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: Multiple memory corruption issues were addressed with improved memory handling. 
CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Kernel Available for: macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4424: Dr. Silvio Cesare of InfoSect Login Window Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A local user may be able to cause a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity Mail Available for: macOS Mojave 10.14 Impact: Processing a maliciously crafted mail message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4389: Dropbox Offensive Security Team, Theodor Ragnar Gislason of Syndis mDNSOffloadUserClient Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team MediaRemote Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs Microcode Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that implementation specific system registers cannot be leaked via a speculative execution side-channel. CVE-2018-3640: Innokentiy Sennovskiy from BiZone LLC (bi.zone), Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (sysgo.com) NetworkExtension Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-6797: Brian Carpenter Ruby Available for: macOS Sierra 10.12.6 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues in Ruby were addressed in this update. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. CVE-2018-4395: Patrick Wardle of Digita Security Spotlight Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2018-4393: Lufeng Li Symptom Framework Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative WiFi Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Calendar We would like to acknowledge an anonymous researcher for their assistance. iBooks We would like to acknowledge Sem Voigtländer of Fontys Hogeschool ICT for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. LaunchServices We would like to acknowledge Alok Menghrajani of Square for their assistance. Quick Look We would like to acknowledge lokihardt of Google Project Zero for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Terminal We would like to acknowledge an anonymous researcher for their assistance.
Installation note: macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ . CVE-2018-4285: Mohamed Ghannam (@_simo36) Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value
VAR-201904-1376 CVE-2018-4416 plural Apple Updates to product vulnerabilities CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following; see the information provided by Apple for details. * Attack on AFP servers through HTTP clients * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. Apple iOS and the other affected products are all products of Apple. Apple iOS is an operating system developed for mobile devices. WebKit is one of the web browser engine components. tvOS is a smart TV operating system. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. A security vulnerability exists in the WebKit component of several Apple products. Alternatively, on your watch, select "My Watch > General > About". CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team Installation note: Safari 12.0.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 12.1 iOS 12.1 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2018-4365: an anonymous researcher CoreCrypto Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to leak memory Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4366: Natalie Silvanovich of Google Project Zero FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4367: Natalie Silvanovich of Google Project Zero Graphics Driver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4384: Natalie Silvanovich of Google Project Zero ICU Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. 
CVE-2018-4394: an anonymous researcher IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4427: Pangu Team IPSec Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4419: Mohamed Ghannam (@_simo36) Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. 
CVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter CVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter NetworkExtension Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to share items from the lock screen Description: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. CVE-2018-4388: videosdebarraquito Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2018-4374: Ryan Pickren (ryanpickren.com) Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. CVE-2018-4377: Ryan Pickren (ryanpickren.com) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. 
VoiceOver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to view photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. CVE-2018-4387: videosdebarraquito WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management. CVE-2018-4385: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe Team WiFi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Certificate Signing We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. iBooks We would like to acknowledge Sem Voigtländer of Fontys Hogeschool ICT for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance.
Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1". 
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ . ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 ------------------------------------------------------------------------ Date reported : November 21, 2018 Advisory ID : WSA-2018-0008 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0008.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0008.html CVE identifiers : CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, CVE-2018-4416. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4345 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to an anonymous researcher. A cross-site scripting issue existed in WebKit.
This issue was addressed with improved URL validation. CVE-2018-4372 Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before 2.22.2. Credit to HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4373 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4375 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to Yu Haiwan and Wu Hongjun from Nanyang Technological University working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4376 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to 010 working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4378 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to an anonymous researcher, zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to code execution. CVE-2018-4382 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4386 Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4392 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to zhunki of 360 ESG Codesafe Team. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4416 Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before 2.22.0. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, November 21, 2018
VAR-201904-1356 CVE-2018-4288 plural Apple Updates to product vulnerabilities CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following; see the information provided by Apple for details. * Attack on AFP servers through HTTP clients * Arbitrary code execution * Information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI spoofing * Restriction bypass * Cross-site scripting * Address bar spoofing. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple for Mac computers. Kernel is one of the kernel components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A remote attacker may be able to attack AFP servers through HTTP clients Description: An input validation issue was addressed with improved input validation. CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC Berkeley AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4410: an anonymous researcher working with Trend Micro's Zero Day Initiative AppleGraphicsControl Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.
CVE-2018-4417: Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative APR Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2017-12613: Craig Young of Tripwire VERT CVE-2017-12618: Craig Young of Tripwire VERT ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4308: Mohamed Ghannam (@_simo36) CFNetwork Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative CoreAnimation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4415: Liang Zhuo working with Beyond Security's SecuriTeam Secure Disclosure CoreCrypto Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. 
This issue was addressed by using pseudorandom bases for testing of primes. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum CoreFoundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content Description: An injection issue was addressed with improved validation. CVE-2018-4153: Michael Hanselmann of hansmi.ch CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4406: Michael Hanselmann of hansmi.ch Dictionary Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information Description: A validation issue existed which allowed local file access. This was addressed with input sanitization. CVE-2018-4346: Wojciech Reguła (@_r3ggi) of SecuRing Dock Available for: macOS Mojave 10.14 Impact: A malicious application may be able to access restricted files Description: This issue was addressed by removing additional entitlements. 
CVE-2018-4423: an anonymous researcher EFI Available for: macOS High Sierra 10.13.6 Impact: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel. CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC) EFI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A local user may be able to modify protected parts of the file system Description: A configuration issue was addressed with additional restrictions. CVE-2018-4342: Timothy Perfitt of Twocanoes Software Foundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Grand Central Dispatch Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Heimdal Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2018-4331: Brandon Azad Hypervisor Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis Description: An information disclosure issue was addressed by flushing the L1 data cache at the virtual machine entry. CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide Hypervisor Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team ICU Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher Intel Graphics Driver Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4334: Ian Beer of Google Project Zero Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. 
CVE-2018-4396: Yu Wang of Didi Research America CVE-2018-4418: Yu Wang of Didi Research America Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4350: Yu Wang of Didi Research America IOGraphics Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4422: an anonymous researcher working with Trend Micro's Zero Day Initiative IOHIDFamily Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4402: Proteas of Qihoo 360 Nirvan Team IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero IOUserEthernet Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2018-4401: Apple IPSec Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: macOS High Sierra 10.13.6 Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2018-4399: Fabiano Anemone (@anoane) Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4419: Mohamed Ghannam (@_simo36) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Kernel Available for: macOS Sierra 10.12.6 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: Multiple memory corruption issues were addressed with improved memory handling. 
CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Kernel Available for: macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4424: Dr. Silvio Cesare of InfoSect Login Window Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A local user may be able to cause a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity Mail Available for: macOS Mojave 10.14 Impact: Processing a maliciously crafted mail message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4389: Dropbox Offensive Security Team, Theodor Ragnar Gislason of Syndis mDNSOffloadUserClient Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team MediaRemote Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs Microcode Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that implementation specific system registers cannot be leaked via a speculative execution side-channel. CVE-2018-3640: Innokentiy Sennovskiy from BiZone LLC (bi.zone), Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (sysgo.com) NetworkExtension Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-6797: Brian Carpenter Ruby Available for: macOS Sierra 10.12.6 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues in Ruby were addressed in this update. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. CVE-2018-4395: Patrick Wardle of Digita Security Spotlight Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2018-4393: Lufeng Li Symptom Framework Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative WiFi Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Calendar We would like to acknowledge an anonymous researcher for their assistance. iBooks We would like to acknowledge Sem Voigtländer of Fontys Hogeschool ICT for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. LaunchServices We would like to acknowledge Alok Menghrajani of Square for their assistance. Quick Look We would like to acknowledge lokihardt of Google Project Zero for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Terminal We would like to acknowledge an anonymous researcher for their assistance. 
Installation note: macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ . CVE-2018-4285: Mohamed Ghannam (@_simo36) Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value