VARIoT IoT vulnerabilities database
| VAR-201810-0562 | CVE-2018-15370 | Cisco Catalyst 6800 For series switch Cisco IOS ROM Monitor Vulnerability related to authorization, authority, and access control in software |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. Cisco Catalyst 6800 Series SupervisorEngine6T and so on are Cisco's switch products. IOSROMMonitor (ROMMON) Software is one of the ROM monitoring software for iOS devices. Cisco IOS ROM Monitor is prone to a local security-bypass vulnerability.
An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.
This issue is being tracked by Cisco Bug ID CSCvc16091
| VAR-201810-0340 | CVE-2018-0467 | Cisco IOS XE Software input validation vulnerability |
CVSS V2: 7.8 CVSS V3: 8.6 Severity: HIGH |
A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. Cisco IOS XE The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS Software and IOSXE Software are operating systems developed by Cisco for its network devices
| VAR-201809-0548 | CVE-2018-16672 | CIRCONTROL CirCarLife Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information. CIRCONTROL CirCarLife Contains an information disclosure vulnerability.Information may be obtained. Circontrol CirCarLife is a parking lot automation management system developed by Circontrol Spain. There is a security vulnerability in Circontrol CirCarLife versions prior to 4.3. An attacker could exploit this vulnerability to disclose configuration information
| VAR-201904-1469 | CVE-2018-4355 | iOS and macOS Configuration vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. in the United States. Apple iOS is an operating system developed for mobile devices. Apple macOS Mojave is a dedicated operating system developed for Mac computers. iBooks is one of the e-book components. The vulnerability stems from unreasonable file configuration and parameter configuration during the use of network systems or components
| VAR-201904-1465 | CVE-2018-4351 | macOS Vulnerable to memory initialization |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of IntelFBClientControl's doAttribute method. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the kernel. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Intel Graphics Driver is one of the integrated graphics drivers. A resource management error vulnerability exists in the Intel Graphics Driver component of Apple macOS Mojave prior to 10.14. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
| VAR-201904-1464 | CVE-2018-4350 | plural Apple Updates to product vulnerabilities |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Intel Graphics Driver is one of the integrated graphics drivers. A buffer error vulnerability exists in the Intel Graphics Driver component of Apple macOS Mojave prior to 10.14. An attacker could exploit this vulnerability to execute arbitrary code with system privileges
| VAR-201904-1463 | CVE-2018-4348 | plural Apple Updates to product vulnerabilities |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. macOS Has a validation vulnerability due to a flaw in logic handling.Service operation interruption (DoS) There is a possibility of being put into a state. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Login Window is one of the login window components. An input validation error vulnerability exists in the Login Window component of Apple macOS Mojave prior to 10.14. A local attacker could exploit this vulnerability to cause a denial of service
| VAR-201904-1468 | CVE-2018-4354 | plural Apple Updates to product vulnerabilities |
CVSS V2: 6.8 CVSS V3: 8.6 Severity: HIGH |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. IOKit is one of the components that read system information. A buffer error vulnerability exists in the IOKit component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-10 Additional information for
APPLE-SA-2018-9-24-5 watchOS 5
watchOS 5 addresses the following:
CFNetwork
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreText
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Grand Central Dispatch
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
IOHIDFamily
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOUserEthernet
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls. This
issue was addressed with additional restrictions.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Safari
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Security
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Symptom Framework
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: Apple Watch Series 1 and later
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
WebKit
Available for: Apple Watch Series 1 and later
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
WebKit
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GbihAA
rJrGRlOECVnj/z6kzobQ6SjqeXQanrEJKOEbP12pOEgOcqhJd/CsRIGMGxtG8cRC
H60/qGsVtDXhqmGZQl2cBaMeg+bagLvSaRUC6urXqYLIKoGay7zsbQyWS4hAbyNu
Gpu0k5bvb2tr3IZIfqHfUcScxpsB3zJiYejtgLow2MDbkt84qNqx73xYbOIXDJoc
kfyNhb/RKqiXOi5Yvh+E84GARjUSGUFD5fMbIMu7Lf0cwGpL3XakKG8S+8L0W3/W
vGsl7V8DWeH6qbVoMkLUxWGxWzCd4bUr88J0cybski3L4SvpYbDPMMKxQkyn4Rfq
qSDG3RMS0MUeoGn/iwRcJ8p6gPMGjWTT+lvX0XaZzG3b/mkOw8C2jRs1Ds8vUbRB
Pxn1AQvg0x+EW/HIKqrvbE6i5pLjhurHYChy9tI9AS2iSHsAnrSB8DV8mc4T4v6a
zJqJO5qPPCVJ9K328l+FyXe+X5erQP4/dwol71VjweA/peSJCL34/YL3oSs9e41R
ApabYVIphnq0Ion5gVNancPhgQEbkIjMncFiGRg4wF0jly2Ni+NsnDquTKEM3VvG
mOlo0VVw3XxLhtiQF/RKbQSy+6dK0YGykIsmnz/DsstxS4xRiWbk75XErA/nSwPs
fHAicxI2AmpI+PbdYcPI4D3eJr/1ZDH8NvY1897WX5c=
=fz+z
-----END PGP SIGNATURE-----
| VAR-201904-1461 | CVE-2018-4346 | plural Apple Updates to product vulnerabilities |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Dictionary is one of the dictionary components. A local attacker could exploit this vulnerability to disclose user information
| VAR-201904-1462 | CVE-2018-4347 | plural Apple Vulnerability in using freed memory in products |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. plural Apple The product is flawed with the use of freed memory due to flaws in handling memory management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. CoreText is one of the typesetting engine components. There are code problem vulnerabilities in the CoreText component in many Apple products, which originate from improper design or implementation problems in the code development process of network systems or products.
CVE-2018-4197: Ivan Fratric of Google Project Zero
CVE-2018-4306: Ivan Fratric of Google Project Zero
CVE-2018-4312: Ivan Fratric of Google Project Zero
CVE-2018-4314: Ivan Fratric of Google Project Zero
CVE-2018-4315: Ivan Fratric of Google Project Zero
CVE-2018-4317: Ivan Fratric of Google Project Zero
CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit
Available for: Windows 7 and later
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-10 Additional information for
APPLE-SA-2018-9-24-5 watchOS 5
watchOS 5 addresses the following:
CFNetwork
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreText
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Grand Central Dispatch
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
IOHIDFamily
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOUserEthernet
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls. This
issue was addressed with additional restrictions.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Safari
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Security
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Symptom Framework
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: Apple Watch Series 1 and later
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
WebKit
Available for: Apple Watch Series 1 and later
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
WebKit
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GbihAA
rJrGRlOECVnj/z6kzobQ6SjqeXQanrEJKOEbP12pOEgOcqhJd/CsRIGMGxtG8cRC
H60/qGsVtDXhqmGZQl2cBaMeg+bagLvSaRUC6urXqYLIKoGay7zsbQyWS4hAbyNu
Gpu0k5bvb2tr3IZIfqHfUcScxpsB3zJiYejtgLow2MDbkt84qNqx73xYbOIXDJoc
kfyNhb/RKqiXOi5Yvh+E84GARjUSGUFD5fMbIMu7Lf0cwGpL3XakKG8S+8L0W3/W
vGsl7V8DWeH6qbVoMkLUxWGxWzCd4bUr88J0cybski3L4SvpYbDPMMKxQkyn4Rfq
qSDG3RMS0MUeoGn/iwRcJ8p6gPMGjWTT+lvX0XaZzG3b/mkOw8C2jRs1Ds8vUbRB
Pxn1AQvg0x+EW/HIKqrvbE6i5pLjhurHYChy9tI9AS2iSHsAnrSB8DV8mc4T4v6a
zJqJO5qPPCVJ9K328l+FyXe+X5erQP4/dwol71VjweA/peSJCL34/YL3oSs9e41R
ApabYVIphnq0Ion5gVNancPhgQEbkIjMncFiGRg4wF0jly2Ni+NsnDquTKEM3VvG
mOlo0VVw3XxLhtiQF/RKbQSy+6dK0YGykIsmnz/DsstxS4xRiWbk75XErA/nSwPs
fHAicxI2AmpI+PbdYcPI4D3eJr/1ZDH8NvY1897WX5c=
=fz+z
-----END PGP SIGNATURE-----
| VAR-201904-1458 | CVE-2018-4343 | plural Apple Memory corruption vulnerability in products |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Heimdal is one of the anti-malware components. A buffer error vulnerability exists in the Heimdal component of several Apple products. An attacker could exploit this vulnerability to execute arbitrary code with system privileges. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-11 Additional information for
APPLE-SA-2018-9-24-6 tvOS 12
tvOS 12 addresses the following:
Auto Unlock
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Bluetooth
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
CFNetwork
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreText
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Grand Central Dispatch
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
IOHIDFamily
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOUserEthernet
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls. This
issue was addressed with additional restrictions.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Safari
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Symptom Framework
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan
Team
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4323: Ivan Fratric of Google Project Zero
CVE-2018-4328: Ivan Fratric of Google Project Zero
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
CVE-2018-4360: William Bowling (@wcbowling)
Entry added October 30, 2018
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4197: Ivan Fratric of Google Project Zero
CVE-2018-4306: Ivan Fratric of Google Project Zero
CVE-2018-4312: Ivan Fratric of Google Project Zero
CVE-2018-4314: Ivan Fratric of Google Project Zero
CVE-2018-4315: Ivan Fratric of Google Project Zero
CVE-2018-4317: Ivan Fratric of Google Project Zero
CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4345: an anonymous researcher
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A cross-site scripting issue existed in Safari.
CVE-2018-4309: an anonymous researcher working with Trend Micro's
Zero Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
Assets
We would like to acknowledge Brandon Azad for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, and Zach Malone of CA Technologies for their assistance.
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HjHg/+
Lp4/41SoCVfRStv+eO69W8FCdq8K6+2n60F/pYwb7GlmF5H/Unon0k3PXdDyI/5V
ZkaawvnThzMKS9k2kTb7wgnc8PSB8Ax4HGXBB5puo63L3dPk4fNeNNGOMynZaoKO
i5MzFxji0nldu/Sgyv/zrdM2MKE2MAVGi2O5YH37PirPK84G4STxw7IFtrSEFGBN
QiHbap8Bdjjny7Y1zSIk6CClU6YLpC0E1u8Y6KpmjHn/z4dfKFm9A+CkVuwxymDX
RllmAWdDHU5/u93ZFdfEvnu8lFU4kxW4y0R6IJRjRHoouPI2eI5dwIGzxIv1CPea
1qN6QtRFfv9/JQyWotLFFUEDXrOIed9cVosqmJfUulQkq5a5UqcOWCW/HuQYOn9Y
qd9EPPRS+lzlBQgFF/MBV1dxsp7WdZXPGnkiskzLMEt3CdOmvu2qx1Lc+6ErJZeI
NX8n/CFc16aOS2ltsxx8hX1RWKQ+uZ4Fe4sDOry94wziTPfmAJ0HxR4cTf/KRWuF
DuvZkpYyvGrGQmDB1FBWIIA3TP6zfhNtP6hIo5tLgnZb2HDHYcxO76nPKpGEiLiA
KizL2ExA3Y5ePf4ZKVx4IGqZqhx0sYebHWgXBABu4MjpL7z4A26q05OVAJZf/icr
ssYDTWsZCZr/yz9LEyNJiCWPwqpaAA2VQkMfW3nW/v0=
=6KHo
-----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About"
| VAR-201904-1453 | CVE-2018-4401 | plural Apple Updates to product vulnerabilities |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. IOUserEthernet is one of the Ethernet components. A buffer error vulnerability exists in the IOUserEthernet component in several Apple products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-10 Additional information for
APPLE-SA-2018-9-24-5 watchOS 5
watchOS 5 addresses the following:
CFNetwork
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreText
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Grand Central Dispatch
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
IOHIDFamily
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOUserEthernet
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls. This
issue was addressed with additional restrictions.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Safari
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Security
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Symptom Framework
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: Apple Watch Series 1 and later
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
WebKit
Available for: Apple Watch Series 1 and later
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
WebKit
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GbihAA
rJrGRlOECVnj/z6kzobQ6SjqeXQanrEJKOEbP12pOEgOcqhJd/CsRIGMGxtG8cRC
H60/qGsVtDXhqmGZQl2cBaMeg+bagLvSaRUC6urXqYLIKoGay7zsbQyWS4hAbyNu
Gpu0k5bvb2tr3IZIfqHfUcScxpsB3zJiYejtgLow2MDbkt84qNqx73xYbOIXDJoc
kfyNhb/RKqiXOi5Yvh+E84GARjUSGUFD5fMbIMu7Lf0cwGpL3XakKG8S+8L0W3/W
vGsl7V8DWeH6qbVoMkLUxWGxWzCd4bUr88J0cybski3L4SvpYbDPMMKxQkyn4Rfq
qSDG3RMS0MUeoGn/iwRcJ8p6gPMGjWTT+lvX0XaZzG3b/mkOw8C2jRs1Ds8vUbRB
Pxn1AQvg0x+EW/HIKqrvbE6i5pLjhurHYChy9tI9AS2iSHsAnrSB8DV8mc4T4v6a
zJqJO5qPPCVJ9K328l+FyXe+X5erQP4/dwol71VjweA/peSJCL34/YL3oSs9e41R
ApabYVIphnq0Ion5gVNancPhgQEbkIjMncFiGRg4wF0jly2Ni+NsnDquTKEM3VvG
mOlo0VVw3XxLhtiQF/RKbQSy+6dK0YGykIsmnz/DsstxS4xRiWbk75XErA/nSwPs
fHAicxI2AmpI+PbdYcPI4D3eJr/1ZDH8NvY1897WX5c=
=fz+z
-----END PGP SIGNATURE-----
| VAR-201904-1451 | CVE-2018-4399 | plural Apple Updates to product vulnerabilities |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. An input validation error vulnerability exists in the Kernel component of several Apple products. The vulnerability stems from the failure of the network system or product to properly validate the input data. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-10 Additional information for
APPLE-SA-2018-9-24-5 watchOS 5
watchOS 5 addresses the following:
CFNetwork
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreText
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Grand Central Dispatch
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
IOHIDFamily
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOUserEthernet
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Safari
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Security
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Symptom Framework
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: Apple Watch Series 1 and later
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
WebKit
Available for: Apple Watch Series 1 and later
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
This was addressed with improved tracking of security origins.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
WebKit
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GbihAA
rJrGRlOECVnj/z6kzobQ6SjqeXQanrEJKOEbP12pOEgOcqhJd/CsRIGMGxtG8cRC
H60/qGsVtDXhqmGZQl2cBaMeg+bagLvSaRUC6urXqYLIKoGay7zsbQyWS4hAbyNu
Gpu0k5bvb2tr3IZIfqHfUcScxpsB3zJiYejtgLow2MDbkt84qNqx73xYbOIXDJoc
kfyNhb/RKqiXOi5Yvh+E84GARjUSGUFD5fMbIMu7Lf0cwGpL3XakKG8S+8L0W3/W
vGsl7V8DWeH6qbVoMkLUxWGxWzCd4bUr88J0cybski3L4SvpYbDPMMKxQkyn4Rfq
qSDG3RMS0MUeoGn/iwRcJ8p6gPMGjWTT+lvX0XaZzG3b/mkOw8C2jRs1Ds8vUbRB
Pxn1AQvg0x+EW/HIKqrvbE6i5pLjhurHYChy9tI9AS2iSHsAnrSB8DV8mc4T4v6a
zJqJO5qPPCVJ9K328l+FyXe+X5erQP4/dwol71VjweA/peSJCL34/YL3oSs9e41R
ApabYVIphnq0Ion5gVNancPhgQEbkIjMncFiGRg4wF0jly2Ni+NsnDquTKEM3VvG
mOlo0VVw3XxLhtiQF/RKbQSy+6dK0YGykIsmnz/DsstxS4xRiWbk75XErA/nSwPs
fHAicxI2AmpI+PbdYcPI4D3eJr/1ZDH8NvY1897WX5c=
=fz+z
-----END PGP SIGNATURE-----
| VAR-201904-1448 | CVE-2018-4396 | plural Apple Updates to product vulnerabilities |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. Intel Graphics Driver is one of the integrated graphics drivers. A security vulnerability exists in the Intel Graphics Driver component of Apple macOS High Sierra version 10.13.6. An attacker could exploit this vulnerability to read restricted memory
| VAR-201904-1445 | CVE-2018-4393 | plural Apple Updates to product vulnerabilities |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. macOS Mojave Contains a memory corruption vulnerability due to a flaw in memory handling.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Spotlight is one of the components used to search for files, programs, etc. in the system. A buffer error vulnerability exists in the Spotlight component of Apple macOS Mojave prior to 10.14. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc
| VAR-201904-1447 | CVE-2018-4395 | plural Apple Updates to product vulnerabilities |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. plural Apple The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Security is one of the security components. There are security vulnerabilities in the Security component of several Apple products. The vulnerability stems from the failure of the network system or product to properly validate the input data. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-10 Additional information for
APPLE-SA-2018-9-24-5 watchOS 5
watchOS 5 addresses the following:
CFNetwork
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreText
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Grand Central Dispatch
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
IOHIDFamily
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOUserEthernet
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Safari
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Security
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Symptom Framework
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: Apple Watch Series 1 and later
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
WebKit
Available for: Apple Watch Series 1 and later
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
WebKit
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GbihAA
rJrGRlOECVnj/z6kzobQ6SjqeXQanrEJKOEbP12pOEgOcqhJd/CsRIGMGxtG8cRC
H60/qGsVtDXhqmGZQl2cBaMeg+bagLvSaRUC6urXqYLIKoGay7zsbQyWS4hAbyNu
Gpu0k5bvb2tr3IZIfqHfUcScxpsB3zJiYejtgLow2MDbkt84qNqx73xYbOIXDJoc
kfyNhb/RKqiXOi5Yvh+E84GARjUSGUFD5fMbIMu7Lf0cwGpL3XakKG8S+8L0W3/W
vGsl7V8DWeH6qbVoMkLUxWGxWzCd4bUr88J0cybski3L4SvpYbDPMMKxQkyn4Rfq
qSDG3RMS0MUeoGn/iwRcJ8p6gPMGjWTT+lvX0XaZzG3b/mkOw8C2jRs1Ds8vUbRB
Pxn1AQvg0x+EW/HIKqrvbE6i5pLjhurHYChy9tI9AS2iSHsAnrSB8DV8mc4T4v6a
zJqJO5qPPCVJ9K328l+FyXe+X5erQP4/dwol71VjweA/peSJCL34/YL3oSs9e41R
ApabYVIphnq0Ion5gVNancPhgQEbkIjMncFiGRg4wF0jly2Ni+NsnDquTKEM3VvG
mOlo0VVw3XxLhtiQF/RKbQSy+6dK0YGykIsmnz/DsstxS4xRiWbk75XErA/nSwPs
fHAicxI2AmpI+PbdYcPI4D3eJr/1ZDH8NvY1897WX5c=
=fz+z
-----END PGP SIGNATURE-----
| VAR-201904-1437 | CVE-2018-4383 | plural Apple Updates to product vulnerabilities |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. plural Apple The product has a memory corruption vulnerability due to a flaw in processing related to input validation.The memory may be damaged. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. IOKit is one of the components that read system information. A buffer error vulnerability exists in the IOKit component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-10 Additional information for
APPLE-SA-2018-9-24-5 watchOS 5
watchOS 5 addresses the following:
CFNetwork
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreText
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Grand Central Dispatch
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
IOHIDFamily
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOUserEthernet
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls. This
issue was addressed with additional restrictions.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel.
CVE-2018-4363: Ian Beer of Google Project Zero
Kernel
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Safari
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to discover websites a user has
visited
Description: A consistency issue existed in the handling of
application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert
Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -
Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l
University, Metin Altug Karakaya of Kaliptus Medical Organization,
Vinodh Swami of Western Governor's University (WGU)
Security
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Symptom Framework
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz
WebKit
Available for: Apple Watch Series 1 and later
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin
Description: The issue was addressed by removing origin information.
CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero
Day Initiative
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with
Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel GroA (@5aelo)
WebKit
Available for: Apple Watch Series 1 and later
Impact: A malicious website may cause unexepected cross-origin
behavior
Description: A cross-origin issue existed with "iframe" elements.
CVE-2018-4319: John Pettitt of Google
WebKit
Available for: Apple Watch Series 1 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2018-4361: found by OSS-Fuzz
Additional recognition
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
WebKit
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GbihAA
rJrGRlOECVnj/z6kzobQ6SjqeXQanrEJKOEbP12pOEgOcqhJd/CsRIGMGxtG8cRC
H60/qGsVtDXhqmGZQl2cBaMeg+bagLvSaRUC6urXqYLIKoGay7zsbQyWS4hAbyNu
Gpu0k5bvb2tr3IZIfqHfUcScxpsB3zJiYejtgLow2MDbkt84qNqx73xYbOIXDJoc
kfyNhb/RKqiXOi5Yvh+E84GARjUSGUFD5fMbIMu7Lf0cwGpL3XakKG8S+8L0W3/W
vGsl7V8DWeH6qbVoMkLUxWGxWzCd4bUr88J0cybski3L4SvpYbDPMMKxQkyn4Rfq
qSDG3RMS0MUeoGn/iwRcJ8p6gPMGjWTT+lvX0XaZzG3b/mkOw8C2jRs1Ds8vUbRB
Pxn1AQvg0x+EW/HIKqrvbE6i5pLjhurHYChy9tI9AS2iSHsAnrSB8DV8mc4T4v6a
zJqJO5qPPCVJ9K328l+FyXe+X5erQP4/dwol71VjweA/peSJCL34/YL3oSs9e41R
ApabYVIphnq0Ion5gVNancPhgQEbkIjMncFiGRg4wF0jly2Ni+NsnDquTKEM3VvG
mOlo0VVw3XxLhtiQF/RKbQSy+6dK0YGykIsmnz/DsstxS4xRiWbk75XErA/nSwPs
fHAicxI2AmpI+PbdYcPI4D3eJr/1ZDH8NvY1897WX5c=
=fz+z
-----END PGP SIGNATURE-----
| VAR-201904-1456 | CVE-2018-4341 | plural Apple Updates to product vulnerabilities |
CVSS V2: 6.8 CVSS V3: 8.6 Severity: HIGH |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. A buffer error vulnerability exists in the IOKit component of several Apple products.
CVE-2018-4197: Ivan Fratric of Google Project Zero
CVE-2018-4306: Ivan Fratric of Google Project Zero
CVE-2018-4312: Ivan Fratric of Google Project Zero
CVE-2018-4314: Ivan Fratric of Google Project Zero
CVE-2018-4315: Ivan Fratric of Google Project Zero
CVE-2018-4317: Ivan Fratric of Google Project Zero
CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, and Zach Malone of CA Technologies for their assistance.
Installation note:
Apple TV will periodically check for software updates. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-9 Additional information for
APPLE-SA-2018-9-24-1 macOS Mojave 10.14
macOS Mojave 10.14 addresses the following:
Bluetooth
Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012)
, iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac
(Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015),
Mac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012)
, Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro
(Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air
(13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air
(13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air
(13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air
(13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro
(15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013),
MacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina,
13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013)
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
The updates below are available for these Mac models:
MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later),
MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later),
iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013, Mid 2010, and Mid 2012 models with recommended
Metal-capable graphics processor, including MSI Gaming Radeon RX 560
and Sapphire Radeon PULSE RX 580)
afpserver
Impact: A remote attacker may be able to attack AFP servers through
HTTP clients
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC
Berkeley
Entry added October 30, 2018
App Store
Impact: A malicious application may be able to determine the Apple ID
of the owner of the computer
Description: A permissions issue existed in the handling of the Apple
ID.
CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc.
CVE-2018-4417: Lee of the Information Security Lab Yonsei University
working with Trend Micro's Zero Day Initiative
Entry added October 30, 2018
Application Firewall
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4353: Abhinav Bansal of LinkedIn Inc.
APR
Impact: Multiple buffer overflow issues existed in Perl
Description: Multiple issues in Perl were addressed with improved
memory handling.
CVE-2017-12613: Craig Young of Tripwire VERT
CVE-2017-12618: Craig Young of Tripwire VERT
Entry added October 30, 2018
ATS
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend
Micro's Zero Day Initiative
Entry added October 30, 2018
ATS
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4308: Mohamed Ghannam (@_simo36)
Entry added October 30, 2018
Auto Unlock
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreText
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Crash Reporter
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4333: Brandon Azad
CUPS
Impact: In certain configurations, a remote attacker may be able to
replace the message content from the print server with arbitrary
content
Description: An injection issue was addressed with improved
validation.
CVE-2018-4153: Michael Hanselmann of hansmi.ch
Entry added October 30, 2018
CUPS
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4406: Michael Hanselmann of hansmi.ch
Entry added October 30, 2018
Dictionary
Impact: Parsing a maliciously crafted dictionary file may lead to
disclosure of user information
Description: A validation issue existed which allowed local file
access. This was addressed with input sanitization.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
Hypervisor
Impact: Systems with microprocessors utilizing speculative execution
and address translations may allow unauthorized disclosure of
information residing in the L1 data cache to an attacker with local
user access with guest OS privilege via a terminal page fault and a
side-channel analysis
Description: An information disclosure issue was addressed by
flushing the L1 data cache at the virtual machine entry.
CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas
F. Wenisch of University of Michigan, Mark Silberstein and Marina
Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens
of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu
of Intel Corporation, Yuval Yarom of The University of Adelaide
Entry added October 30, 2018
iBooks
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4355: evi1m0 of bilibili security team
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4396: Yu Wang of Didi Research America
CVE-2018-4418: Yu Wang of Didi Research America
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2018-4351: Appology Team @ Theori working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4350: Yu Wang of Didi Research America
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4334: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4401: Apple
Entry added October 30, 2018
Kernel
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls. This
issue was addressed with additional restrictions.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
LibreSSL
Impact: Multiple issues in libressl were addressed in this update
Description: Multiple issues were addressed by updating to libressl
version 2.6.4.
CVE-2015-3194
CVE-2015-5333
CVE-2015-5334
CVE-2016-702
Entry added October 30, 2018
Login Window
Impact: A local user may be able to cause a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2018-4326: an anonymous researcher working with Trend Micro's
Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team
Entry added October 30, 2018
MediaRemote
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs
Entry added October 30, 2018
Microcode
Impact: Systems with microprocessors utilizing speculative execution
and speculative execution of memory reads before the addresses of all
prior memory writes are known may allow unauthorized disclosure of
information to an attacker with local user access via a side-channel
analysis
Description: An information disclosure issue was addressed with a
microcode update. This ensures that older data read from
recently-written-to addresses cannot be read via a speculative
side-channel.
CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken
Johnson of the Microsoft Security Response Center (MSRC)
Entry added October 30, 2018
Security
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2018-4393: Lufeng Li
Entry added October 30, 2018
Symptom Framework
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
Wi-Fi
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend
Micro's Zero Day Initiative
Entry added October 30, 2018
Additional recognition
Accessibility Framework
We would like to acknowledge Ryan Govostes for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
CoreDAV
We would like to acknowledge an anonymous researcher for their
assistance.
CoreGraphics
We would like to acknowledge Nitin Arya of Roblox Corporation for
their assistance.
CoreSymbolication
We would like to acknowledge Brandon Azad for their assistance.
IOUSBHostFamily
We would like to acknowledge an anonymous researcher for their
assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket Internet
SE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron
Software Systems, and Zbyszek A>>A3Akiewski for their assistance.
Quick Look
We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing
and Patrick Wardle of Digita Security and lokihardt of Google Project
Zero for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Terminal
We would like to acknowledge an anonymous researcher for their
assistance.
WindowServer
We would like to acknowledge Patrick Wardle of Digita Security for
their assistance.
Installation note:
macOS Mojave 10.14 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GrtxAA
iVBcAdusz88zFzkT05EIxb9nSp4CGOlhKlChK4N7Db17o2fNT0hNpQixEAC0wC/A
zqIzsXEzZlPobI4OnwiEVs7lVBsvCW+IarrRZ8pgSllKs1VlbNfOO3z9vB5BqJMr
d9PjPvtHyG3jZmWqQPIjvJb3l3ZjHAt+HAvTItNMkhIUjqV80JI8wP3erzIf3tAt
VoLIw5iL5w4HAYcWsn9DYcecXZdv39MnKL5UGzMX3bkee2U7kGYtgskU+mdPa1Wl
WzquIPlLeKL2KNSXEfbkPtcKM/fvkURsNzEDvg+PBQLdI3JeR1bOeN24aiTEtiEL
TecGm/kKMMJWmDdhPhFvZVD+SIdZd4LgbTawR1UE1JJg7jnEZKCvZ45mXd2eBwn/
rpEKCLBsgA59GILs3ZjZSIWskRJPzZrt463AKcN2wukkTUUkY1rhRVdOf6LZMs9Z
w9iJOua3vt+HzCCxTEaH53WUeM6fn/Yeq+DGIS5Fk0G09pU7tsyJVwj3o1nJn0dl
e2mcrXBJeSmi6bvvkJX45y/Y8E8Qr+ovS4uN8wG6DOWcCBQkDkugabng8vNh8GST
1wNnV9JY/CmYbU0ZIwKbbSDkcQLQuIl7kKaZMHnU74EytcKscUqqx1VqINz1tssu
1wZZGLtg3VubrZOsnUZzumD+0nI8c6QAnQK3P2PSZ0k=
=i9YR
-----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About"
| VAR-201904-1422 | CVE-2018-4332 | plural Apple Memory corruption vulnerability in products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. plural Apple The product has a memory corruption vulnerability due to incomplete memory handling.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Heimdal is one of the anti-malware components. A buffer error vulnerability exists in the Heimdal component of several Apple products. An attacker could exploit this vulnerability to execute arbitrary code with system privileges.
CVE-2018-4197: Ivan Fratric of Google Project Zero
CVE-2018-4306: Ivan Fratric of Google Project Zero
CVE-2018-4312: Ivan Fratric of Google Project Zero
CVE-2018-4314: Ivan Fratric of Google Project Zero
CVE-2018-4315: Ivan Fratric of Google Project Zero
CVE-2018-4317: Ivan Fratric of Google Project Zero
CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, and Zach Malone of CA Technologies for their assistance.
Installation note:
Apple TV will periodically check for software updates. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-9 Additional information for
APPLE-SA-2018-9-24-1 macOS Mojave 10.14
macOS Mojave 10.14 addresses the following:
Bluetooth
Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012)
, iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac
(Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015),
Mac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012)
, Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro
(Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air
(13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air
(13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air
(13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air
(13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro
(15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013),
MacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina,
13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013)
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
The updates below are available for these Mac models:
MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later),
MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later),
iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013, Mid 2010, and Mid 2012 models with recommended
Metal-capable graphics processor, including MSI Gaming Radeon RX 560
and Sapphire Radeon PULSE RX 580)
afpserver
Impact: A remote attacker may be able to attack AFP servers through
HTTP clients
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC
Berkeley
Entry added October 30, 2018
App Store
Impact: A malicious application may be able to determine the Apple ID
of the owner of the computer
Description: A permissions issue existed in the handling of the Apple
ID.
CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc.
CVE-2018-4417: Lee of the Information Security Lab Yonsei University
working with Trend Micro's Zero Day Initiative
Entry added October 30, 2018
Application Firewall
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4353: Abhinav Bansal of LinkedIn Inc.
APR
Impact: Multiple buffer overflow issues existed in Perl
Description: Multiple issues in Perl were addressed with improved
memory handling.
CVE-2017-12613: Craig Young of Tripwire VERT
CVE-2017-12618: Craig Young of Tripwire VERT
Entry added October 30, 2018
ATS
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend
Micro's Zero Day Initiative
Entry added October 30, 2018
ATS
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4308: Mohamed Ghannam (@_simo36)
Entry added October 30, 2018
Auto Unlock
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreText
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Crash Reporter
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4333: Brandon Azad
CUPS
Impact: In certain configurations, a remote attacker may be able to
replace the message content from the print server with arbitrary
content
Description: An injection issue was addressed with improved
validation.
CVE-2018-4153: Michael Hanselmann of hansmi.ch
Entry added October 30, 2018
CUPS
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4406: Michael Hanselmann of hansmi.ch
Entry added October 30, 2018
Dictionary
Impact: Parsing a maliciously crafted dictionary file may lead to
disclosure of user information
Description: A validation issue existed which allowed local file
access. This was addressed with input sanitization.
CVE-2018-4331: Brandon Azad
CVE-2018-4332: Brandon Azad
CVE-2018-4343: Brandon Azad
Entry added October 30, 2018
Hypervisor
Impact: Systems with microprocessors utilizing speculative execution
and address translations may allow unauthorized disclosure of
information residing in the L1 data cache to an attacker with local
user access with guest OS privilege via a terminal page fault and a
side-channel analysis
Description: An information disclosure issue was addressed by
flushing the L1 data cache at the virtual machine entry.
CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas
F. Wenisch of University of Michigan, Mark Silberstein and Marina
Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens
of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu
of Intel Corporation, Yuval Yarom of The University of Adelaide
Entry added October 30, 2018
iBooks
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4355: evi1m0 of bilibili security team
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4396: Yu Wang of Didi Research America
CVE-2018-4418: Yu Wang of Didi Research America
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2018-4351: Appology Team @ Theori working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4350: Yu Wang of Didi Research America
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4334: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4401: Apple
Entry added October 30, 2018
Kernel
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls. This
issue was addressed with additional restrictions.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
LibreSSL
Impact: Multiple issues in libressl were addressed in this update
Description: Multiple issues were addressed by updating to libressl
version 2.6.4.
CVE-2015-3194
CVE-2015-5333
CVE-2015-5334
CVE-2016-702
Entry added October 30, 2018
Login Window
Impact: A local user may be able to cause a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2018-4326: an anonymous researcher working with Trend Micro's
Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team
Entry added October 30, 2018
MediaRemote
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs
Entry added October 30, 2018
Microcode
Impact: Systems with microprocessors utilizing speculative execution
and speculative execution of memory reads before the addresses of all
prior memory writes are known may allow unauthorized disclosure of
information to an attacker with local user access via a side-channel
analysis
Description: An information disclosure issue was addressed with a
microcode update. This ensures that older data read from
recently-written-to addresses cannot be read via a speculative
side-channel.
CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken
Johnson of the Microsoft Security Response Center (MSRC)
Entry added October 30, 2018
Security
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2018-4393: Lufeng Li
Entry added October 30, 2018
Symptom Framework
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
Wi-Fi
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend
Micro's Zero Day Initiative
Entry added October 30, 2018
Additional recognition
Accessibility Framework
We would like to acknowledge Ryan Govostes for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
CoreDAV
We would like to acknowledge an anonymous researcher for their
assistance.
CoreGraphics
We would like to acknowledge Nitin Arya of Roblox Corporation for
their assistance.
CoreSymbolication
We would like to acknowledge Brandon Azad for their assistance.
IOUSBHostFamily
We would like to acknowledge an anonymous researcher for their
assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket Internet
SE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron
Software Systems, and Zbyszek A>>A3Akiewski for their assistance.
Quick Look
We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing
and Patrick Wardle of Digita Security and lokihardt of Google Project
Zero for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Terminal
We would like to acknowledge an anonymous researcher for their
assistance.
WindowServer
We would like to acknowledge Patrick Wardle of Digita Security for
their assistance.
Installation note:
macOS Mojave 10.14 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GrtxAA
iVBcAdusz88zFzkT05EIxb9nSp4CGOlhKlChK4N7Db17o2fNT0hNpQixEAC0wC/A
zqIzsXEzZlPobI4OnwiEVs7lVBsvCW+IarrRZ8pgSllKs1VlbNfOO3z9vB5BqJMr
d9PjPvtHyG3jZmWqQPIjvJb3l3ZjHAt+HAvTItNMkhIUjqV80JI8wP3erzIf3tAt
VoLIw5iL5w4HAYcWsn9DYcecXZdv39MnKL5UGzMX3bkee2U7kGYtgskU+mdPa1Wl
WzquIPlLeKL2KNSXEfbkPtcKM/fvkURsNzEDvg+PBQLdI3JeR1bOeN24aiTEtiEL
TecGm/kKMMJWmDdhPhFvZVD+SIdZd4LgbTawR1UE1JJg7jnEZKCvZ45mXd2eBwn/
rpEKCLBsgA59GILs3ZjZSIWskRJPzZrt463AKcN2wukkTUUkY1rhRVdOf6LZMs9Z
w9iJOua3vt+HzCCxTEaH53WUeM6fn/Yeq+DGIS5Fk0G09pU7tsyJVwj3o1nJn0dl
e2mcrXBJeSmi6bvvkJX45y/Y8E8Qr+ovS4uN8wG6DOWcCBQkDkugabng8vNh8GST
1wNnV9JY/CmYbU0ZIwKbbSDkcQLQuIl7kKaZMHnU74EytcKscUqqx1VqINz1tssu
1wZZGLtg3VubrZOsnUZzumD+0nI8c6QAnQK3P2PSZ0k=
=i9YR
-----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About"
| VAR-201904-1429 | CVE-2018-4340 | plural Apple Updates to product vulnerabilities |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. A buffer error vulnerability exists in the Kernel component of several Apple products.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, and Zach Malone of CA Technologies for their assistance.
Installation note:
Apple TV will periodically check for software updates. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001
High Sierra, Security Update 2018-005 Sierra
macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and
Security Update 2018-005 Sierra are now available and address
the following:
afpserver
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A remote attacker may be able to attack AFP servers through
HTTP clients
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC
Berkeley
AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4410: an anonymous researcher working with Trend Micro's
Zero Day Initiative
AppleGraphicsControl
Available for: macOS High Sierra 10.13.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4417: Lee of the Information Security Lab Yonsei University
working with Trend Micro's Zero Day Initiative
APR
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: Multiple buffer overflow issues existed in Perl
Description: Multiple issues in Perl were addressed with improved
memory handling.
CVE-2017-12613: Craig Young of Tripwire VERT
CVE-2017-12618: Craig Young of Tripwire VERT
ATS
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend
Micro's Zero Day Initiative
ATS
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4308: Mohamed Ghannam (@_simo36)
CFNetwork
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
CoreAnimation
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4415: Liang Zhuo working with Beyond Security's SecuriTeam
Secure Disclosure
CoreCrypto
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An attacker may be able to exploit a weakness in the
Miller-Rabin primality test to incorrectly identify prime numbers
Description: An issue existed in the method for determining prime
numbers. This issue was addressed by using pseudorandom bases for
testing of primes.
CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of
Royal Holloway, University of London, and Juraj Somorovsky of Ruhr
University, Bochum
CoreFoundation
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
CUPS
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: In certain configurations, a remote attacker may be able to
replace the message content from the print server with arbitrary
content
Description: An injection issue was addressed with improved
validation.
CVE-2018-4153: Michael Hanselmann of hansmi.ch
CUPS
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4406: Michael Hanselmann of hansmi.ch
Dictionary
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: Parsing a maliciously crafted dictionary file may lead to
disclosure of user information
Description: A validation issue existed which allowed local file
access. This was addressed with input sanitization.
CVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing
Dock
Available for: macOS Mojave 10.14
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed by removing additional
entitlements.
CVE-2018-4403: Patrick Wardle of Digita Security
dyld
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2018-4423: an anonymous researcher
EFI
Available for: macOS High Sierra 10.13.6
Impact: Systems with microprocessors utilizing speculative execution
and speculative execution of memory reads before the addresses of all
prior memory writes are known may allow unauthorized disclosure of
information to an attacker with local user access via a side-channel
analysis
Description: An information disclosure issue was addressed with a
microcode update. This ensures that older data read from
recently-written-to addresses cannot be read via a speculative
side-channel.
CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken
Johnson of the Microsoft Security Response Center (MSRC)
EFI
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14
Impact: A local user may be able to modify protected parts of the
file system
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4342: Timothy Perfitt of Twocanoes Software
Foundation
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4426: Brandon Azad
Heimdal
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad
Hypervisor
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: Systems with microprocessors utilizing speculative execution
and address translations may allow unauthorized disclosure of
information residing in the L1 data cache to an attacker with local
user access with guest OS privilege via a terminal page fault and a
side-channel analysis
Description: An information disclosure issue was addressed by
flushing the L1 data cache at the virtual machine entry.
CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas
F. Wenisch of University of Michigan, Mark Silberstein and Marina
Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens
of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu
of Intel Corporation, Yuval Yarom of The University of Adelaide
Hypervisor
Available for: macOS Sierra 10.12.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team
ICU
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4394: an anonymous researcher
Intel Graphics Driver
Available for: macOS Sierra 10.12.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4334: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4396: Yu Wang of Didi Research America
CVE-2018-4418: Yu Wang of Didi Research America
Intel Graphics Driver
Available for: macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4350: Yu Wang of Didi Research America
IOGraphics
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4422: an anonymous researcher working with Trend Micro's
Zero Day Initiative
IOHIDFamily
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
IOKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4402: Proteas of Qihoo 360 Nirvan Team
IOKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
IOUserEthernet
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
IPSec
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2018-4420: Mohamed Ghannam (@_simo36)
Kernel
Available for: macOS High Sierra 10.13.6
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls. This
issue was addressed with additional restrictions.
CVE-2018-4399: Fabiano Anemone (@anoane)
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4419: Mohamed Ghannam (@_simo36)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Kernel
Available for: macOS Sierra 10.12.6
Impact: Mounting a maliciously crafted NFS network share may lead to
arbitrary code execution with system privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security
Team
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Kernel
Available for: macOS Mojave 10.14
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4424: Dr. Silvio Cesare of InfoSect
Login Window
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A local user may be able to cause a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of
MWR InfoSecurity
Mail
Available for: macOS Mojave 10.14
Impact: Processing a maliciously crafted mail message may lead to UI
spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4389: Dropbox Offensive Security Team, Theodor Ragnar
Gislason of Syndis
mDNSOffloadUserClient
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4326: an anonymous researcher working with Trend Micro's
Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team
MediaRemote
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs
Microcode
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Systems with microprocessors utilizing speculative execution
and that perform speculative reads of system registers may allow
unauthorized disclosure of system parameters to an attacker with
local user access via a side-channel analysis
Description: An information disclosure issue was addressed with a
microcode update. This ensures that implementation specific system
registers cannot be leaked via a speculative execution side-channel.
CVE-2018-3640: Innokentiy Sennovskiy from BiZone LLC (bi.zone),
Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (sysgo.com)
NetworkExtension
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14
Impact: Connecting to a VPN server may leak DNS queries to a DNS
proxy
Description: A logic issue was addressed with improved state
management.
CVE-2018-4369: an anonymous researcher
Perl
Available for: macOS Sierra 10.12.6
Impact: Multiple buffer overflow issues existed in Perl
Description: Multiple issues in Perl were addressed with improved
memory handling.
CVE-2018-6797: Brian Carpenter
Ruby
Available for: macOS Sierra 10.12.6
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple issues in Ruby were addressed in this update.
CVE-2017-898
CVE-2017-10784
CVE-2017-14033
CVE-2017-14064
CVE-2017-17405
CVE-2017-17742
CVE-2018-6914
CVE-2018-8777
CVE-2018-8778
CVE-2018-8779
CVE-2018-8780
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Processing a maliciously crafted S/MIME signed message may
lead to a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd.
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Spotlight
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4393: Lufeng Li
Symptom Framework
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
WiFi
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile
Networking Lab at Technische UniversitA$?t Darmstadt
Additional recognition
Calendar
We would like to acknowledge an anonymous researcher for their
assistance.
iBooks
We would like to acknowledge Sem VoigtlA$?nder of Fontys Hogeschool
ICT for their assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
LaunchServices
We would like to acknowledge Alok Menghrajani of Square for their
assistance.
Quick Look
We would like to acknowledge lokihardt of Google Project Zero for
their assistance.
Security
We would like to acknowledge Marinos Bernitsas of Parachute for their
assistance.
Terminal
We would like to acknowledge an anonymous researcher for their
assistance.
Installation note:
macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and
Security Update 2018-005 Sierra may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EcGQ//
QbUbTOZRgxcStGZjs+qdXjeaXI6i1MKaky7o/iYCXf87crFu79PCsXyPU1jeMvoS
tgDxz7ornlyaxR4wcSYzfcuIeY2ZH+dkxc7JJHQbKTW1dWYHpXUUzzNm+Ay/Gtk+
2EIAgJ9oUf8FARR5cmcKBZfLFVdc40vpM3bBCV4m2Kr5KiDsqZKdZTujBQRccAsO
HKRbhDecw0WX/CfEbLprs86uIXFMIoifhmh8LMebjzIQn2ozoFG6R31vMMHeDpir
zf0xlVCJrJy/XywmkodhBWWrUWcM0hfsJ8EmyIBwFEYUxFhOV3D+x3rStd2kjyNL
LG9oWclxDkjImQXdrL8IRAQfZvcVQFZK2vSGCYfRN0LY105sxjPjeIsJ0RORzcSN
2mlDR1UuTosk0GleDbmhv/ornfOc537UebwuHVWU5LpPNFkvY1Cv8zPrQAHewuod
TmktkNuv2x2fgw9g7ntE88UBF9JMC+Ofs/FgJ67RkoT4R39P7VvaztHlmxmr/rIw
TrSs7TDVqciz+DOMRKxyNPI1cpXM5ITCTvgbY4+RWwaFJzfgY+Gc+sldvVcb1x9I
LlsI19MA0bsvi+ReOcLbWYuEHaVhVqZ7LndxR9m2gJ39L9jff+dOsSlznF4OLs+S
t7Rz6i2mOpe6vXobkTUmml3m3zYIhL3XcdcYpw3U0F8=
=uhgi
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-10-30-9 Additional information for
APPLE-SA-2018-9-24-1 macOS Mojave 10.14
macOS Mojave 10.14 addresses the following:
Bluetooth
Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012)
, iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac
(Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015),
Mac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012)
, Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro
(Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air
(13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air
(13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air
(13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air
(13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro
(15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013),
MacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina,
13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013)
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth.
CVE-2018-5383: Lior Neumann and Eli Biham
The updates below are available for these Mac models:
MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later),
MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later),
iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013, Mid 2010, and Mid 2012 models with recommended
Metal-capable graphics processor, including MSI Gaming Radeon RX 560
and Sapphire Radeon PULSE RX 580)
afpserver
Impact: A remote attacker may be able to attack AFP servers through
HTTP clients
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc.
CVE-2018-4353: Abhinav Bansal of LinkedIn Inc.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend
Micro's Zero Day Initiative
Entry added October 30, 2018
Additional recognition
Accessibility Framework
We would like to acknowledge Ryan Govostes for their assistance.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket Internet
SE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron
Software Systems, and Zbyszek A>>A3Akiewski for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
Alternatively, on your watch, select "My Watch > General > About"