VARIoT IoT vulnerabilities database
| VAR-201804-1176 | CVE-2018-4116 | Apple Safari of Safari Component address bar spoofing vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. A security vulnerability exists in Safari components in versions of Apple Safari prior to 11.1. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-6 Safari 11.1
Safari 11.1 is now available and addresses the following:
Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4102: Kai Zhao of 3H security team
CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab
(tencent.com)
Safari Login AutoFill
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place. The issue was addressed through
improved autofill heuristics.
CVE-2018-4137:
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4118: Jun Kokatsu (@shhnjk)
CVE-2018-4119: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4127: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4128: Zach Markley
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Visiting a maliciously crafted website may lead to a
cross-site scripting attack
Description: A cross-site scripting issue existed in Safari. This
issue was addressed with improved URL validation.
CVE-2018-4133: Anton Lopanitsyn of Wallarm, Linus SA$?rud of Detectify
(detectify.com), Yuji Tounai of NTT Communications Corporation
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
Safari 11.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9Gl8pHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEYFUQ//
QO1Al/D5ErPzNtbiQEnmPD4O5JMl/mz+ztGEkncEBWZiq9/4X0B1WLr+Ve/hF4l2
mkDPU2EEcPTg/pDvyeYnh4xKCcCScgUHpwdqAmtECG4C59IH+uL1PCbi2UDVZ6Jg
W/xpP3DFykn1e2/R5ZE1iObZc+jLz5Rta3k0/Z0v5YhXY7x+vtMhSMh3HTPhy28T
eoHRY0W9iWZUCkuKV0ugCGGsnrx5awbz4rHBdGCewEWeUrk5+h6Mwo6sJTAoO+0E
nVKdRu0hvU1RzZSn3eiLSvo5qVNNT6bK7hf1P3eMUdJ7e5/unIIE6WXo8ox5iyRB
sdNqI8K/HuBzcpKggXFAjVce+CDc5LVd2Kf1g/ymqejHqGp3VEhGY8FwJRTFBenm
svzGQLGAFpg2bl3oKt9RCfQG/NGWjg2HTgp4eHDqEeqkQNENxjDAMYYm3Z7O2ODI
JzaHXunbltbUNzgzfUzfGX/xtDmnNczijYd1vpIc9C1l0nv620HW3aOqv1vP2bxT
JQFWwoZiJ7plmgRXLzBR2lvcyEfNWOE466yF+QIo5iBWOeGrBZqb5dYkqEskrDFk
4ju2DsG61j+aK5flU5C7Z6JZLGVBEOm+2OuUu+O4+aboHV0mEDcitl7RUFUWfW2d
p5479DG4FgkWaZZH9I7eC2xMrPDspLU7Jscg6UCpeyQ=
=D/co
-----END PGP SIGNATURE-----
| VAR-201804-1180 | CVE-2018-4120 | plural Apple Used in products, etc. Webkit Arbitrary code execution vulnerabilities in components |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 11.3; Safari prior to 11.1; Windows-based iCloud prior to 7.4; Windows-based iTunes prior to 12.7.4; tvOS prior to 11.3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: August 22, 2018
Bugs: #652820, #658168, #662974
ID: 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"
References
==========
[ 1 ] CVE-2018-11646
https://nvd.nist.gov/vuln/detail/CVE-2018-11646
[ 2 ] CVE-2018-11712
https://nvd.nist.gov/vuln/detail/CVE-2018-11712
[ 3 ] CVE-2018-11713
https://nvd.nist.gov/vuln/detail/CVE-2018-11713
[ 4 ] CVE-2018-12293
https://nvd.nist.gov/vuln/detail/CVE-2018-12293
[ 5 ] CVE-2018-12294
https://nvd.nist.gov/vuln/detail/CVE-2018-12294
[ 6 ] CVE-2018-4101
https://nvd.nist.gov/vuln/detail/CVE-2018-4101
[ 7 ] CVE-2018-4113
https://nvd.nist.gov/vuln/detail/CVE-2018-4113
[ 8 ] CVE-2018-4114
https://nvd.nist.gov/vuln/detail/CVE-2018-4114
[ 9 ] CVE-2018-4117
https://nvd.nist.gov/vuln/detail/CVE-2018-4117
[ 10 ] CVE-2018-4118
https://nvd.nist.gov/vuln/detail/CVE-2018-4118
[ 11 ] CVE-2018-4119
https://nvd.nist.gov/vuln/detail/CVE-2018-4119
[ 12 ] CVE-2018-4120
https://nvd.nist.gov/vuln/detail/CVE-2018-4120
[ 13 ] CVE-2018-4121
https://nvd.nist.gov/vuln/detail/CVE-2018-4121
[ 14 ] CVE-2018-4122
https://nvd.nist.gov/vuln/detail/CVE-2018-4122
[ 15 ] CVE-2018-4125
https://nvd.nist.gov/vuln/detail/CVE-2018-4125
[ 16 ] CVE-2018-4127
https://nvd.nist.gov/vuln/detail/CVE-2018-4127
[ 17 ] CVE-2018-4128
https://nvd.nist.gov/vuln/detail/CVE-2018-4128
[ 18 ] CVE-2018-4129
https://nvd.nist.gov/vuln/detail/CVE-2018-4129
[ 19 ] CVE-2018-4133
https://nvd.nist.gov/vuln/detail/CVE-2018-4133
[ 20 ] CVE-2018-4146
https://nvd.nist.gov/vuln/detail/CVE-2018-4146
[ 21 ] CVE-2018-4162
https://nvd.nist.gov/vuln/detail/CVE-2018-4162
[ 22 ] CVE-2018-4163
https://nvd.nist.gov/vuln/detail/CVE-2018-4163
[ 23 ] CVE-2018-4165
https://nvd.nist.gov/vuln/detail/CVE-2018-4165
[ 24 ] CVE-2018-4190
https://nvd.nist.gov/vuln/detail/CVE-2018-4190
[ 25 ] CVE-2018-4192
https://nvd.nist.gov/vuln/detail/CVE-2018-4192
[ 26 ] CVE-2018-4199
https://nvd.nist.gov/vuln/detail/CVE-2018-4199
[ 27 ] CVE-2018-4200
https://nvd.nist.gov/vuln/detail/CVE-2018-4200
[ 28 ] CVE-2018-4201
https://nvd.nist.gov/vuln/detail/CVE-2018-4201
[ 29 ] CVE-2018-4204
https://nvd.nist.gov/vuln/detail/CVE-2018-4204
[ 30 ] CVE-2018-4214
https://nvd.nist.gov/vuln/detail/CVE-2018-4214
[ 31 ] CVE-2018-4218
https://nvd.nist.gov/vuln/detail/CVE-2018-4218
[ 32 ] CVE-2018-4222
https://nvd.nist.gov/vuln/detail/CVE-2018-4222
[ 33 ] CVE-2018-4232
https://nvd.nist.gov/vuln/detail/CVE-2018-4232
[ 34 ] CVE-2018-4233
https://nvd.nist.gov/vuln/detail/CVE-2018-4233
[ 35 ] CVE-2018-4261
https://nvd.nist.gov/vuln/detail/CVE-2018-4261
[ 36 ] CVE-2018-4262
https://nvd.nist.gov/vuln/detail/CVE-2018-4262
[ 37 ] CVE-2018-4263
https://nvd.nist.gov/vuln/detail/CVE-2018-4263
[ 38 ] CVE-2018-4264
https://nvd.nist.gov/vuln/detail/CVE-2018-4264
[ 39 ] CVE-2018-4265
https://nvd.nist.gov/vuln/detail/CVE-2018-4265
[ 40 ] CVE-2018-4266
https://nvd.nist.gov/vuln/detail/CVE-2018-4266
[ 41 ] CVE-2018-4267
https://nvd.nist.gov/vuln/detail/CVE-2018-4267
[ 42 ] CVE-2018-4270
https://nvd.nist.gov/vuln/detail/CVE-2018-4270
[ 43 ] CVE-2018-4272
https://nvd.nist.gov/vuln/detail/CVE-2018-4272
[ 44 ] CVE-2018-4273
https://nvd.nist.gov/vuln/detail/CVE-2018-4273
[ 45 ] CVE-2018-4278
https://nvd.nist.gov/vuln/detail/CVE-2018-4278
[ 46 ] CVE-2018-4284
https://nvd.nist.gov/vuln/detail/CVE-2018-4284
[ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003
https://webkitgtk.org/security/WSA-2018-0003.html
[ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004
https://webkitgtk.org/security/WSA-2018-0004.html
[ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005
https://webkitgtk.org/security/WSA-2018-0005.html
[ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006
https://webkitgtk.org/security/WSA-2018-0006.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201808-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------
Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html
CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,
CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,
CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,
CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,
CVE-2018-4162, CVE-2018-4163, CVE-2018-4165.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Yuan Deng of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to OSS-Fuzz.
Impact: Unexpected interaction with indexing types causing an ASSERT
failure. Description: An array indexing issue existed in the
handling of a function in JavaScriptCore. This issue was addressed
through improved checks.
Credit to OSS-Fuzz. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher.
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
Credit to Jun Kokatsu (@shhnjk). Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Zach Markley. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to likemeng of Baidu Security Lab working with Trend Micro's
Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify
(detectify.com), Yuji Tounai of NTT Communications Corporation.
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack. This issue was addressed with improved URL
validation.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to a
denial of service. Description: A memory corruption issue was
addressed through improved input validation.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption
issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
April 04, 2018
. ==========================================================================
Ubuntu Security Notice USN-3635-1
April 30, 2018
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3635-1
CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117,
CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122,
CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162,
CVE-2018-4163, CVE-2018-4165
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-3 tvOS 11.3
tvOS 11.3 is now available and addresses the following:
CoreFoundation
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlwpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZZFxAA
y83tGHgdOMiUzTJ9w6jeb3ZsCsWehnJx4DrcBpcooPFijU69eBgbrM5d7BaN7jPZ
rttzw3P5nm74c0V5SBI3rAHdPz0aK6uvci2kpHOGGcgpJLpaX5woj2hMmwEmlVwp
q8bfFY1CkLrC69vIs0zu55MS8UFwSGzYUH575mo8kzBj1ieKGlf7BaU4axqSJdkI
Mx5KzRPtUOza/xBU9NWMpOYdrX8mWDpCYXenQ4yPeTjeiFAgqibHEwauXkRoZZ/k
qCZpzSVvPFvwfWRvHdoUC7qINKChDkjh3oD46cGf139jaoOf7L/IebmWIaPMVAqv
BdTQi1mPE5ZK70/DznZfHy69xhFYO+MS53A0RyXZBZtZ7Vn4008rWINYSf/Q/X3m
cStsCvSqZOtGLj0irfI3wyoPBltD3HX7eB2sCO6sJ3IFKOdzBoAL0HBdDP+4GCuU
A2JQafdU2OsOlIYesmRRQicS10eo49By0ezEJ3hubUQWS82AkOtgyFIYurfENyD8
PHu4ajHfp/fNCn3f18I3DTPMro0ekxvvbKXTlVsD6X1rWMCz6toeaMX8pXd3EZPZ
gnADdxpKc0nBFPoR07My7HISTSEDgwRcJdr2Xwf/ZoAxyR9HLIGRhiJFekCZbAsY
PQ3rZOaPjuOvA09T8CN+seOQq/IGEO/VB9LIrBgJNs4=
=KWP9
-----END PGP SIGNATURE-----
.
CVE-2018-4102: Kai Zhao of 3H security team
CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab
(tencent.com)
Safari Login AutoFill
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
Safari 11.1 may be obtained from the Mac App Store
| VAR-201804-1165 | CVE-2018-4165 | plural Apple Used in products Webkit Vulnerability in arbitrary code execution in components |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 11.3; Safari prior to 11.1; Windows-based iCloud prior to 7.4; Windows-based iTunes prior to 12.7.4; tvOS prior to 11.3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: August 22, 2018
Bugs: #652820, #658168, #662974
ID: 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"
References
==========
[ 1 ] CVE-2018-11646
https://nvd.nist.gov/vuln/detail/CVE-2018-11646
[ 2 ] CVE-2018-11712
https://nvd.nist.gov/vuln/detail/CVE-2018-11712
[ 3 ] CVE-2018-11713
https://nvd.nist.gov/vuln/detail/CVE-2018-11713
[ 4 ] CVE-2018-12293
https://nvd.nist.gov/vuln/detail/CVE-2018-12293
[ 5 ] CVE-2018-12294
https://nvd.nist.gov/vuln/detail/CVE-2018-12294
[ 6 ] CVE-2018-4101
https://nvd.nist.gov/vuln/detail/CVE-2018-4101
[ 7 ] CVE-2018-4113
https://nvd.nist.gov/vuln/detail/CVE-2018-4113
[ 8 ] CVE-2018-4114
https://nvd.nist.gov/vuln/detail/CVE-2018-4114
[ 9 ] CVE-2018-4117
https://nvd.nist.gov/vuln/detail/CVE-2018-4117
[ 10 ] CVE-2018-4118
https://nvd.nist.gov/vuln/detail/CVE-2018-4118
[ 11 ] CVE-2018-4119
https://nvd.nist.gov/vuln/detail/CVE-2018-4119
[ 12 ] CVE-2018-4120
https://nvd.nist.gov/vuln/detail/CVE-2018-4120
[ 13 ] CVE-2018-4121
https://nvd.nist.gov/vuln/detail/CVE-2018-4121
[ 14 ] CVE-2018-4122
https://nvd.nist.gov/vuln/detail/CVE-2018-4122
[ 15 ] CVE-2018-4125
https://nvd.nist.gov/vuln/detail/CVE-2018-4125
[ 16 ] CVE-2018-4127
https://nvd.nist.gov/vuln/detail/CVE-2018-4127
[ 17 ] CVE-2018-4128
https://nvd.nist.gov/vuln/detail/CVE-2018-4128
[ 18 ] CVE-2018-4129
https://nvd.nist.gov/vuln/detail/CVE-2018-4129
[ 19 ] CVE-2018-4133
https://nvd.nist.gov/vuln/detail/CVE-2018-4133
[ 20 ] CVE-2018-4146
https://nvd.nist.gov/vuln/detail/CVE-2018-4146
[ 21 ] CVE-2018-4162
https://nvd.nist.gov/vuln/detail/CVE-2018-4162
[ 22 ] CVE-2018-4163
https://nvd.nist.gov/vuln/detail/CVE-2018-4163
[ 23 ] CVE-2018-4165
https://nvd.nist.gov/vuln/detail/CVE-2018-4165
[ 24 ] CVE-2018-4190
https://nvd.nist.gov/vuln/detail/CVE-2018-4190
[ 25 ] CVE-2018-4192
https://nvd.nist.gov/vuln/detail/CVE-2018-4192
[ 26 ] CVE-2018-4199
https://nvd.nist.gov/vuln/detail/CVE-2018-4199
[ 27 ] CVE-2018-4200
https://nvd.nist.gov/vuln/detail/CVE-2018-4200
[ 28 ] CVE-2018-4201
https://nvd.nist.gov/vuln/detail/CVE-2018-4201
[ 29 ] CVE-2018-4204
https://nvd.nist.gov/vuln/detail/CVE-2018-4204
[ 30 ] CVE-2018-4214
https://nvd.nist.gov/vuln/detail/CVE-2018-4214
[ 31 ] CVE-2018-4218
https://nvd.nist.gov/vuln/detail/CVE-2018-4218
[ 32 ] CVE-2018-4222
https://nvd.nist.gov/vuln/detail/CVE-2018-4222
[ 33 ] CVE-2018-4232
https://nvd.nist.gov/vuln/detail/CVE-2018-4232
[ 34 ] CVE-2018-4233
https://nvd.nist.gov/vuln/detail/CVE-2018-4233
[ 35 ] CVE-2018-4261
https://nvd.nist.gov/vuln/detail/CVE-2018-4261
[ 36 ] CVE-2018-4262
https://nvd.nist.gov/vuln/detail/CVE-2018-4262
[ 37 ] CVE-2018-4263
https://nvd.nist.gov/vuln/detail/CVE-2018-4263
[ 38 ] CVE-2018-4264
https://nvd.nist.gov/vuln/detail/CVE-2018-4264
[ 39 ] CVE-2018-4265
https://nvd.nist.gov/vuln/detail/CVE-2018-4265
[ 40 ] CVE-2018-4266
https://nvd.nist.gov/vuln/detail/CVE-2018-4266
[ 41 ] CVE-2018-4267
https://nvd.nist.gov/vuln/detail/CVE-2018-4267
[ 42 ] CVE-2018-4270
https://nvd.nist.gov/vuln/detail/CVE-2018-4270
[ 43 ] CVE-2018-4272
https://nvd.nist.gov/vuln/detail/CVE-2018-4272
[ 44 ] CVE-2018-4273
https://nvd.nist.gov/vuln/detail/CVE-2018-4273
[ 45 ] CVE-2018-4278
https://nvd.nist.gov/vuln/detail/CVE-2018-4278
[ 46 ] CVE-2018-4284
https://nvd.nist.gov/vuln/detail/CVE-2018-4284
[ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003
https://webkitgtk.org/security/WSA-2018-0003.html
[ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004
https://webkitgtk.org/security/WSA-2018-0004.html
[ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005
https://webkitgtk.org/security/WSA-2018-0005.html
[ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006
https://webkitgtk.org/security/WSA-2018-0006.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201808-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------
Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html
CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,
CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,
CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,
CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,
CVE-2018-4162, CVE-2018-4163, CVE-2018-4165.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Yuan Deng of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to OSS-Fuzz.
Impact: Unexpected interaction with indexing types causing an ASSERT
failure. Description: An array indexing issue existed in the
handling of a function in JavaScriptCore. This issue was addressed
through improved checks.
Credit to OSS-Fuzz. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher.
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
Credit to Jun Kokatsu (@shhnjk). Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Zach Markley. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to likemeng of Baidu Security Lab working with Trend Micro's
Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify
(detectify.com), Yuji Tounai of NTT Communications Corporation.
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack. This issue was addressed with improved URL
validation.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to a
denial of service. Description: A memory corruption issue was
addressed through improved input validation.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption
issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
April 04, 2018
. ==========================================================================
Ubuntu Security Notice USN-3635-1
April 30, 2018
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3635-1
CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117,
CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122,
CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162,
CVE-2018-4163, CVE-2018-4165
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-3 tvOS 11.3
tvOS 11.3 is now available and addresses the following:
CoreFoundation
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlwpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZZFxAA
y83tGHgdOMiUzTJ9w6jeb3ZsCsWehnJx4DrcBpcooPFijU69eBgbrM5d7BaN7jPZ
rttzw3P5nm74c0V5SBI3rAHdPz0aK6uvci2kpHOGGcgpJLpaX5woj2hMmwEmlVwp
q8bfFY1CkLrC69vIs0zu55MS8UFwSGzYUH575mo8kzBj1ieKGlf7BaU4axqSJdkI
Mx5KzRPtUOza/xBU9NWMpOYdrX8mWDpCYXenQ4yPeTjeiFAgqibHEwauXkRoZZ/k
qCZpzSVvPFvwfWRvHdoUC7qINKChDkjh3oD46cGf139jaoOf7L/IebmWIaPMVAqv
BdTQi1mPE5ZK70/DznZfHy69xhFYO+MS53A0RyXZBZtZ7Vn4008rWINYSf/Q/X3m
cStsCvSqZOtGLj0irfI3wyoPBltD3HX7eB2sCO6sJ3IFKOdzBoAL0HBdDP+4GCuU
A2JQafdU2OsOlIYesmRRQicS10eo49By0ezEJ3hubUQWS82AkOtgyFIYurfENyD8
PHu4ajHfp/fNCn3f18I3DTPMro0ekxvvbKXTlVsD6X1rWMCz6toeaMX8pXd3EZPZ
gnADdxpKc0nBFPoR07My7HISTSEDgwRcJdr2Xwf/ZoAxyR9HLIGRhiJFekCZbAsY
PQ3rZOaPjuOvA09T8CN+seOQq/IGEO/VB9LIrBgJNs4=
=KWP9
-----END PGP SIGNATURE-----
.
CVE-2018-4102: Kai Zhao of 3H security team
CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab
(tencent.com)
Safari Login AutoFill
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
Safari 11.1 may be obtained from the Mac App Store
| VAR-201804-1167 | CVE-2018-4167 | plural Apple Arbitrary code execution vulnerability in privileged context in product filesystem event component |
CVSS V2: 7.6 CVSS V3: 7.0 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.3; macOS High Sierra prior to 10.13.4; tvOS prior to 11.3; watchOS prior to 4.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-2 watchOS 4.3
watchOS 4.3 is now available and addresses the following:
CoreFoundation
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Kernel
Available for: All Apple Watch models
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: All Apple Watch models
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
WebKit
Available for: All Apple Watch models
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
WebKit
Available for: All Apple Watch models
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA//
QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY
v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7
43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry
XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn
/Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP
Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U
TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z
ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw
+tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU
jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i
ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU=
=FEXo
-----END PGP SIGNATURE-----
| VAR-201804-1166 | CVE-2018-4166 | plural Apple Product NSURLSession Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 7.6 CVSS V3: 7.0 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. NSURLSession is one of the network session layer components. The following products and versions are affected: Apple iOS prior to 11.3; macOS High Sierra prior to 10.13.4; tvOS prior to 11.3; watchOS prior to 4.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-2 watchOS 4.3
watchOS 4.3 is now available and addresses the following:
CoreFoundation
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Kernel
Available for: All Apple Watch models
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: All Apple Watch models
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
WebKit
Available for: All Apple Watch models
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
WebKit
Available for: All Apple Watch models
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA//
QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY
v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7
43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry
XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn
/Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP
Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U
TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z
ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw
+tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU
jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i
ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU=
=FEXo
-----END PGP SIGNATURE-----
| VAR-201804-1225 | CVE-2018-4113 | Multiple Apple product WebKit Security hole |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. An attacker can exploit this vulnerability to cause an assertion to fail. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: August 22, 2018
Bugs: #652820, #658168, #662974
ID: 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"
References
==========
[ 1 ] CVE-2018-11646
https://nvd.nist.gov/vuln/detail/CVE-2018-11646
[ 2 ] CVE-2018-11712
https://nvd.nist.gov/vuln/detail/CVE-2018-11712
[ 3 ] CVE-2018-11713
https://nvd.nist.gov/vuln/detail/CVE-2018-11713
[ 4 ] CVE-2018-12293
https://nvd.nist.gov/vuln/detail/CVE-2018-12293
[ 5 ] CVE-2018-12294
https://nvd.nist.gov/vuln/detail/CVE-2018-12294
[ 6 ] CVE-2018-4101
https://nvd.nist.gov/vuln/detail/CVE-2018-4101
[ 7 ] CVE-2018-4113
https://nvd.nist.gov/vuln/detail/CVE-2018-4113
[ 8 ] CVE-2018-4114
https://nvd.nist.gov/vuln/detail/CVE-2018-4114
[ 9 ] CVE-2018-4117
https://nvd.nist.gov/vuln/detail/CVE-2018-4117
[ 10 ] CVE-2018-4118
https://nvd.nist.gov/vuln/detail/CVE-2018-4118
[ 11 ] CVE-2018-4119
https://nvd.nist.gov/vuln/detail/CVE-2018-4119
[ 12 ] CVE-2018-4120
https://nvd.nist.gov/vuln/detail/CVE-2018-4120
[ 13 ] CVE-2018-4121
https://nvd.nist.gov/vuln/detail/CVE-2018-4121
[ 14 ] CVE-2018-4122
https://nvd.nist.gov/vuln/detail/CVE-2018-4122
[ 15 ] CVE-2018-4125
https://nvd.nist.gov/vuln/detail/CVE-2018-4125
[ 16 ] CVE-2018-4127
https://nvd.nist.gov/vuln/detail/CVE-2018-4127
[ 17 ] CVE-2018-4128
https://nvd.nist.gov/vuln/detail/CVE-2018-4128
[ 18 ] CVE-2018-4129
https://nvd.nist.gov/vuln/detail/CVE-2018-4129
[ 19 ] CVE-2018-4133
https://nvd.nist.gov/vuln/detail/CVE-2018-4133
[ 20 ] CVE-2018-4146
https://nvd.nist.gov/vuln/detail/CVE-2018-4146
[ 21 ] CVE-2018-4162
https://nvd.nist.gov/vuln/detail/CVE-2018-4162
[ 22 ] CVE-2018-4163
https://nvd.nist.gov/vuln/detail/CVE-2018-4163
[ 23 ] CVE-2018-4165
https://nvd.nist.gov/vuln/detail/CVE-2018-4165
[ 24 ] CVE-2018-4190
https://nvd.nist.gov/vuln/detail/CVE-2018-4190
[ 25 ] CVE-2018-4192
https://nvd.nist.gov/vuln/detail/CVE-2018-4192
[ 26 ] CVE-2018-4199
https://nvd.nist.gov/vuln/detail/CVE-2018-4199
[ 27 ] CVE-2018-4200
https://nvd.nist.gov/vuln/detail/CVE-2018-4200
[ 28 ] CVE-2018-4201
https://nvd.nist.gov/vuln/detail/CVE-2018-4201
[ 29 ] CVE-2018-4204
https://nvd.nist.gov/vuln/detail/CVE-2018-4204
[ 30 ] CVE-2018-4214
https://nvd.nist.gov/vuln/detail/CVE-2018-4214
[ 31 ] CVE-2018-4218
https://nvd.nist.gov/vuln/detail/CVE-2018-4218
[ 32 ] CVE-2018-4222
https://nvd.nist.gov/vuln/detail/CVE-2018-4222
[ 33 ] CVE-2018-4232
https://nvd.nist.gov/vuln/detail/CVE-2018-4232
[ 34 ] CVE-2018-4233
https://nvd.nist.gov/vuln/detail/CVE-2018-4233
[ 35 ] CVE-2018-4261
https://nvd.nist.gov/vuln/detail/CVE-2018-4261
[ 36 ] CVE-2018-4262
https://nvd.nist.gov/vuln/detail/CVE-2018-4262
[ 37 ] CVE-2018-4263
https://nvd.nist.gov/vuln/detail/CVE-2018-4263
[ 38 ] CVE-2018-4264
https://nvd.nist.gov/vuln/detail/CVE-2018-4264
[ 39 ] CVE-2018-4265
https://nvd.nist.gov/vuln/detail/CVE-2018-4265
[ 40 ] CVE-2018-4266
https://nvd.nist.gov/vuln/detail/CVE-2018-4266
[ 41 ] CVE-2018-4267
https://nvd.nist.gov/vuln/detail/CVE-2018-4267
[ 42 ] CVE-2018-4270
https://nvd.nist.gov/vuln/detail/CVE-2018-4270
[ 43 ] CVE-2018-4272
https://nvd.nist.gov/vuln/detail/CVE-2018-4272
[ 44 ] CVE-2018-4273
https://nvd.nist.gov/vuln/detail/CVE-2018-4273
[ 45 ] CVE-2018-4278
https://nvd.nist.gov/vuln/detail/CVE-2018-4278
[ 46 ] CVE-2018-4284
https://nvd.nist.gov/vuln/detail/CVE-2018-4284
[ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003
https://webkitgtk.org/security/WSA-2018-0003.html
[ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004
https://webkitgtk.org/security/WSA-2018-0004.html
[ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005
https://webkitgtk.org/security/WSA-2018-0005.html
[ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006
https://webkitgtk.org/security/WSA-2018-0006.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201808-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------
Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html
CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,
CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,
CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,
CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,
CVE-2018-4162, CVE-2018-4163, CVE-2018-4165.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Yuan Deng of Ant-financial Light-Year Security Lab.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to OSS-Fuzz.
Impact: Unexpected interaction with indexing types causing an ASSERT
failure. Description: An array indexing issue existed in the
handling of a function in JavaScriptCore. This issue was addressed
through improved checks.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher.
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
Credit to Jun Kokatsu (@shhnjk).
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Zach Markley.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to likemeng of Baidu Security Lab working with Trend Micro's
Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify
(detectify.com), Yuji Tounai of NTT Communications Corporation.
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack. This issue was addressed with improved URL
validation.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to a
denial of service. Description: A memory corruption issue was
addressed through improved input validation.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
April 04, 2018
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-2 watchOS 4.3
watchOS 4.3 is now available and addresses the following:
CoreFoundation
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: All Apple Watch models
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA//
QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY
v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7
43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry
XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn
/Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP
Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U
TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z
ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw
+tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU
jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i
ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU=
=FEXo
-----END PGP SIGNATURE-----
. ==========================================================================
Ubuntu Security Notice USN-3635-1
April 30, 2018
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3635-1
CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117,
CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122,
CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162,
CVE-2018-4163, CVE-2018-4165
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1
.
CVE-2018-4102: Kai Zhao of 3H security team
CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab
(tencent.com)
Safari Login AutoFill
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
Safari 11.1 may be obtained from the Mac App Store
| VAR-201804-1156 | CVE-2018-4155 | plural Apple Product CoreFoundation Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 7.6 CVSS V3: 7.0 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS, macOS High Sierra, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; watchOS is a smart watch operating system. CoreFoundation is one of the core functional components. The following products and versions are affected: Apple iOS prior to 11.3; macOS High Sierra prior to 10.13.4; tvOS prior to 11.3; watchOS prior to 4.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-2 watchOS 4.3
watchOS 4.3 is now available and addresses the following:
CoreFoundation
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Kernel
Available for: All Apple Watch models
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: All Apple Watch models
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
WebKit
Available for: All Apple Watch models
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
WebKit
Available for: All Apple Watch models
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA//
QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY
v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7
43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry
XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn
/Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP
Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U
TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z
ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw
+tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU
jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i
ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU=
=FEXo
-----END PGP SIGNATURE-----
| VAR-201804-1158 | CVE-2018-4157 | plural Apple Product Quick Look component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 7.6 CVSS V3: 7.0 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.3; macOS High Sierra prior to 10.13.4; tvOS prior to 11.3; watchOS prior to 4.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-2 watchOS 4.3
watchOS 4.3 is now available and addresses the following:
CoreFoundation
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Kernel
Available for: All Apple Watch models
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: All Apple Watch models
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
WebKit
Available for: All Apple Watch models
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
WebKit
Available for: All Apple Watch models
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA//
QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY
v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7
43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry
XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn
/Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP
Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U
TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z
ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw
+tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU
jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i
ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU=
=FEXo
-----END PGP SIGNATURE-----
| VAR-201804-1185 | CVE-2018-4125 | plural Apple Used in products WebKit Vulnerability in arbitrary code execution in components |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: August 22, 2018
Bugs: #652820, #658168, #662974
ID: 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"
References
==========
[ 1 ] CVE-2018-11646
https://nvd.nist.gov/vuln/detail/CVE-2018-11646
[ 2 ] CVE-2018-11712
https://nvd.nist.gov/vuln/detail/CVE-2018-11712
[ 3 ] CVE-2018-11713
https://nvd.nist.gov/vuln/detail/CVE-2018-11713
[ 4 ] CVE-2018-12293
https://nvd.nist.gov/vuln/detail/CVE-2018-12293
[ 5 ] CVE-2018-12294
https://nvd.nist.gov/vuln/detail/CVE-2018-12294
[ 6 ] CVE-2018-4101
https://nvd.nist.gov/vuln/detail/CVE-2018-4101
[ 7 ] CVE-2018-4113
https://nvd.nist.gov/vuln/detail/CVE-2018-4113
[ 8 ] CVE-2018-4114
https://nvd.nist.gov/vuln/detail/CVE-2018-4114
[ 9 ] CVE-2018-4117
https://nvd.nist.gov/vuln/detail/CVE-2018-4117
[ 10 ] CVE-2018-4118
https://nvd.nist.gov/vuln/detail/CVE-2018-4118
[ 11 ] CVE-2018-4119
https://nvd.nist.gov/vuln/detail/CVE-2018-4119
[ 12 ] CVE-2018-4120
https://nvd.nist.gov/vuln/detail/CVE-2018-4120
[ 13 ] CVE-2018-4121
https://nvd.nist.gov/vuln/detail/CVE-2018-4121
[ 14 ] CVE-2018-4122
https://nvd.nist.gov/vuln/detail/CVE-2018-4122
[ 15 ] CVE-2018-4125
https://nvd.nist.gov/vuln/detail/CVE-2018-4125
[ 16 ] CVE-2018-4127
https://nvd.nist.gov/vuln/detail/CVE-2018-4127
[ 17 ] CVE-2018-4128
https://nvd.nist.gov/vuln/detail/CVE-2018-4128
[ 18 ] CVE-2018-4129
https://nvd.nist.gov/vuln/detail/CVE-2018-4129
[ 19 ] CVE-2018-4133
https://nvd.nist.gov/vuln/detail/CVE-2018-4133
[ 20 ] CVE-2018-4146
https://nvd.nist.gov/vuln/detail/CVE-2018-4146
[ 21 ] CVE-2018-4162
https://nvd.nist.gov/vuln/detail/CVE-2018-4162
[ 22 ] CVE-2018-4163
https://nvd.nist.gov/vuln/detail/CVE-2018-4163
[ 23 ] CVE-2018-4165
https://nvd.nist.gov/vuln/detail/CVE-2018-4165
[ 24 ] CVE-2018-4190
https://nvd.nist.gov/vuln/detail/CVE-2018-4190
[ 25 ] CVE-2018-4192
https://nvd.nist.gov/vuln/detail/CVE-2018-4192
[ 26 ] CVE-2018-4199
https://nvd.nist.gov/vuln/detail/CVE-2018-4199
[ 27 ] CVE-2018-4200
https://nvd.nist.gov/vuln/detail/CVE-2018-4200
[ 28 ] CVE-2018-4201
https://nvd.nist.gov/vuln/detail/CVE-2018-4201
[ 29 ] CVE-2018-4204
https://nvd.nist.gov/vuln/detail/CVE-2018-4204
[ 30 ] CVE-2018-4214
https://nvd.nist.gov/vuln/detail/CVE-2018-4214
[ 31 ] CVE-2018-4218
https://nvd.nist.gov/vuln/detail/CVE-2018-4218
[ 32 ] CVE-2018-4222
https://nvd.nist.gov/vuln/detail/CVE-2018-4222
[ 33 ] CVE-2018-4232
https://nvd.nist.gov/vuln/detail/CVE-2018-4232
[ 34 ] CVE-2018-4233
https://nvd.nist.gov/vuln/detail/CVE-2018-4233
[ 35 ] CVE-2018-4261
https://nvd.nist.gov/vuln/detail/CVE-2018-4261
[ 36 ] CVE-2018-4262
https://nvd.nist.gov/vuln/detail/CVE-2018-4262
[ 37 ] CVE-2018-4263
https://nvd.nist.gov/vuln/detail/CVE-2018-4263
[ 38 ] CVE-2018-4264
https://nvd.nist.gov/vuln/detail/CVE-2018-4264
[ 39 ] CVE-2018-4265
https://nvd.nist.gov/vuln/detail/CVE-2018-4265
[ 40 ] CVE-2018-4266
https://nvd.nist.gov/vuln/detail/CVE-2018-4266
[ 41 ] CVE-2018-4267
https://nvd.nist.gov/vuln/detail/CVE-2018-4267
[ 42 ] CVE-2018-4270
https://nvd.nist.gov/vuln/detail/CVE-2018-4270
[ 43 ] CVE-2018-4272
https://nvd.nist.gov/vuln/detail/CVE-2018-4272
[ 44 ] CVE-2018-4273
https://nvd.nist.gov/vuln/detail/CVE-2018-4273
[ 45 ] CVE-2018-4278
https://nvd.nist.gov/vuln/detail/CVE-2018-4278
[ 46 ] CVE-2018-4284
https://nvd.nist.gov/vuln/detail/CVE-2018-4284
[ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003
https://webkitgtk.org/security/WSA-2018-0003.html
[ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004
https://webkitgtk.org/security/WSA-2018-0004.html
[ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005
https://webkitgtk.org/security/WSA-2018-0005.html
[ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006
https://webkitgtk.org/security/WSA-2018-0006.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201808-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-2 watchOS 4.3
watchOS 4.3 is now available and addresses the following:
CoreFoundation
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Kernel
Available for: All Apple Watch models
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: All Apple Watch models
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
WebKit
Available for: All Apple Watch models
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
WebKit
Available for: All Apple Watch models
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA//
QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY
v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7
43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry
XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn
/Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP
Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U
TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z
ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw
+tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU
jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i
ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU=
=FEXo
-----END PGP SIGNATURE-----
. ==========================================================================
Ubuntu Security Notice USN-3635-1
April 30, 2018
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3635-1
CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117,
CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122,
CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162,
CVE-2018-4163, CVE-2018-4165
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1
.
CVE-2018-4102: Kai Zhao of 3H security team
CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab
(tencent.com)
Safari Login AutoFill
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
Safari 11.1 may be obtained from the Mac App Store
| VAR-201804-1177 | CVE-2018-4117 | plural Apple Used in products WebKit Component fetch API Vulnerabilities that bypass the same origin policy |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Google Chrome is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions. Information obtained may aid in further attacks.
Versions prior to Chrome 68.0.3440.75 are vulnerable. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------
Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html
CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,
CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,
CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,
CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,
CVE-2018-4162, CVE-2018-4163, CVE-2018-4165.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Yuan Deng of Ant-financial Light-Year Security Lab.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to OSS-Fuzz.
Impact: Unexpected interaction with indexing types causing an ASSERT
failure. Description: An array indexing issue existed in the
handling of a function in JavaScriptCore. This issue was addressed
through improved checks.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher.
Impact: A malicious website may exfiltrate data cross-origin. This
was addressed through improved input validation.
Credit to Jun Kokatsu (@shhnjk).
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Zach Markley.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to likemeng of Baidu Security Lab working with Trend Micro's
Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify
(detectify.com), Yuji Tounai of NTT Communications Corporation.
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack. Description: A cross-site scripting issue
existed in WebKit. This issue was addressed with improved URL
validation.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to a
denial of service. Description: A memory corruption issue was
addressed through improved input validation.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
April 04, 2018
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-2 watchOS 4.3
watchOS 4.3 is now available and addresses the following:
CoreFoundation
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: All Apple Watch models
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4256-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
July 26, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151
CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155
CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159
CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164
CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168
CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172
CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176
CVE-2018-6177 CVE-2018-6178 CVE-2018-6179
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2018-6044
Rob Wu discovered a way to escalate privileges using extensions.
CVE-2018-6150
Rob Wu discovered an information disclosure issue (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).
CVE-2018-6151
Rob Wu discovered an issue in the developer tools (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).
CVE-2018-6152
Rob Wu discovered an issue in the developer tools (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).
CVE-2018-6153
Zhen Zhou discovered a buffer overflow issue in the skia library.
CVE-2018-6158
Zhe Jin discovered a use-after-free issue.
CVE-2018-6159
Jun Kokatsu discovered a way to bypass the same origin policy.
CVE-2018-6161
Jun Kokatsu discovered a way to bypass the same origin policy.
CVE-2018-6164
Jun Kokatsu discovered a way to bypass the same origin policy.
CVE-2018-6168
Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross
Origin Resource Sharing policy.
CVE-2018-6169
Sam P discovered a way to bypass permissions when installing
extensions.
CVE-2018-6174
Mark Brand discovered an integer overflow issue in the swiftshader
library.
CVE-2018-6176
Jann Horn discovered a way to escalate privileges using extensions.
CVE-2018-6177
Ron Masas discovered an information leak.
CVE-2018-6178
Khalil Zhani discovered a user interface spoofing issue.
CVE-2018-6179
It was discovered that information about files local to the system
could be leaked to extensions.
This version also fixes a regression introduced in the previous security
update that could prevent decoding of particular audio/video codecs.
We recommend that you upgrade your chromium-browser packages.
For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAltaqvAACgkQuNayzQLW
9HN1Tx//TF/lR0JT7+g9ZV4C8b9QUjd8RziW1x3Dr1c6FdO01qRzRTmuolgGkd16
irPIel0bnvM7Q707UaX3YlfP9teWThneAXl69wPxg4l/cD6KQy6TYyxY3VzvUiYO
7q1cEixQDqnB2w7sdT2vpg0xc9a8NR5Bgraf+GPUm72R7HHlRHL9G0hVYozjERz/
s09oGrou9neITKMEu7KBPONpWXR8UTJuaCDRW39TeafRVJHDhXUg4wZQihStBMN3
vSNOIhS4TbpFCZqpJRijGh2W2wIz72zq9Fk+FgwDF9cm2Z6aeh/HwGUNFo9IGfc1
e6FnCDTVp3SxJmYdKZSmnqM87+uKBx135G7Y3nVFXZbsUlGuifa4YGNQkkSgr0Be
K2B2dkPDwrFJpJuO2E43q66su2/bAoD/pUC/51Rb+WQBMBfmjZ3vQN9cUybH6Ove
VLRRkv9ADFpHgZ2JcRdKcVFMQRoBZ9gPr7oWeC/f4CjYSJl0ZCrq+0zCO0LUl0/H
QE2Wf0kDDJggsftQfwLwi2LokXNB7VtO3y57RsGB5Mrx/vfy8lB/7p5WAW9c0OJq
C/XUmowWn7PP0s5RyWU0m0w5ioIgDVy+OH5pNsO68L1RZUwaFwRvmaiEbipBr00a
CO7XCQkokcaHm4iXx2aPIwj9ndbtYOu7ve/6BxZhbCgzeVlJiUCcLARHNpagyBOv
WQ43ymkLPYc/RurSQbrn/JVEoCXRpOvTUrPPt7S2shBJfsU9kN5k34s8oN7ytFll
cU6DwGY7n4EDd3sbB3oRwSdu8WGEKK6hDqTo9dPEy8x6owiyUqLFs1+aBjUeoQxQ
80PM0g2Qqdqk/aYgJU243UH3Wx63cCubowDkRnXxGlIxbTl1Wfi5GlmXIrKXQBl9
os4xcpEXTYkghQHzAwi6++cbVLTS4/MNV2S9SfriTEr39jPt0hscFhldg9cnJcGC
nHBt6QDrr/GzObSxhxOl82viimrmt6N8AZpfu6xGtf+XIwk/Kz8wI15MJN5TOnR7
l+2U0I3vzW4BBTR9qfFpaXr4WCelsVstJMmdMspTQLeea83rCdX2IzH7mIgg3pRl
6tWqesRJGUa/JgsTMMz26o9GM+hlpSsm1qsFuGLI3pOC+nBZYaFlQAORx+kgOdvf
hnXPVcYLQBNkFForr92CikMziCYlxPUiUSNDRNRAJ7ksDxsknkuaLx1tV/WY6tvv
ELlY4nH9DD7fqhtecCCvsor9A3F+pswb661m0uYyTlmOx4b2SJizybgud+SZ09O1
v5XJQX795NDf0Mvsn0hM/judmojCRfw8M6tkhUfIP6YIlKYJ7TWhRBBNudyMSbjZ
3/DBJTGBplvJm/5iIODSqHWu1ZQS7A==
=tUJt
-----END PGP SIGNATURE-----
. Summary:
An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 68.0.3440.75.
Security Fix(es):
* chromium-browser: Stack buffer overflow in Skia (CVE-2018-6153)
* chromium-browser: Heap buffer overflow in WebGL (CVE-2018-6154)
* chromium-browser: Use after free in WebRTC (CVE-2018-6155)
* chromium-browser: Heap buffer overflow in WebRTC (CVE-2018-6156)
* chromium-browser: Type confusion in WebRTC (CVE-2018-6157)
* chromium-browser: Cross origin information disclosure in Service Workers
(CVE-2018-6150)
* chromium-browser: Bad cast in DevTools (CVE-2018-6151)
* chromium-browser: Local file write in DevTools (CVE-2018-6152)
* chromium-browser: Use after free in Blink (CVE-2018-6158)
* chromium-browser: Same origin policy bypass in ServiceWorker
(CVE-2018-6159)
* chromium-browser: Same origin policy bypass in WebAudio (CVE-2018-6161)
* chromium-browser: Heap buffer overflow in WebGL (CVE-2018-6162)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6163)
* chromium-browser: Same origin policy bypass in ServiceWorker
(CVE-2018-6164)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6165)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6166)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6167)
* chromium-browser: CORS bypass in Blink (CVE-2018-6168)
* chromium-browser: Permissions bypass in extension installation
(CVE-2018-6169)
* chromium-browser: Type confusion in PDFium (CVE-2018-6170)
* chromium-browser: Use after free in WebBluetooth (CVE-2018-6171)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6172)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6173)
* chromium-browser: Integer overflow in SwiftShader (CVE-2018-6174)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6175)
* chromium-browser: Local user privilege escalation in Extensions
(CVE-2018-6176)
* chromium-browser: Cross origin information leak in Blink (CVE-2018-4117)
* chromium-browser: Request privilege escalation in Extensions
(CVE-2018-6044)
* chromium-browser: Cross origin information leak in Blink (CVE-2018-6177)
* chromium-browser: UI spoof in Extensions (CVE-2018-6178)
* chromium-browser: Local file information leak in Extensions
(CVE-2018-6179)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1608177 - CVE-2018-6153 chromium-browser: Stack buffer overflow in Skia
1608178 - CVE-2018-6154 chromium-browser: Heap buffer overflow in WebGL
1608179 - CVE-2018-6155 chromium-browser: Use after free in WebRTC
1608180 - CVE-2018-6156 chromium-browser: Heap buffer overflow in WebRTC
1608181 - CVE-2018-6157 chromium-browser: Type confusion in WebRTC
1608182 - CVE-2018-6158 chromium-browser: Use after free in Blink
1608183 - CVE-2018-6159 chromium-browser: Same origin policy bypass in ServiceWorker
1608185 - CVE-2018-6161 chromium-browser: Same origin policy bypass in WebAudio
1608186 - CVE-2018-6162 chromium-browser: Heap buffer overflow in WebGL
1608187 - CVE-2018-6163 chromium-browser: URL spoof in Omnibox
1608188 - CVE-2018-6164 chromium-browser: Same origin policy bypass in ServiceWorker
1608189 - CVE-2018-6165 chromium-browser: URL spoof in Omnibox
1608190 - CVE-2018-6166 chromium-browser: URL spoof in Omnibox
1608191 - CVE-2018-6167 chromium-browser: URL spoof in Omnibox
1608192 - CVE-2018-6168 chromium-browser: CORS bypass in Blink
1608193 - CVE-2018-6169 chromium-browser: Permissions bypass in extension installation
1608194 - CVE-2018-6170 chromium-browser: Type confusion in PDFium
1608195 - CVE-2018-6171 chromium-browser: Use after free in WebBluetooth
1608196 - CVE-2018-6172 chromium-browser: URL spoof in Omnibox
1608197 - CVE-2018-6173 chromium-browser: URL spoof in Omnibox
1608198 - CVE-2018-6174 chromium-browser: Integer overflow in SwiftShader
1608199 - CVE-2018-6175 chromium-browser: URL spoof in Omnibox
1608200 - CVE-2018-6176 chromium-browser: Local user privilege escalation in Extensions
1608201 - CVE-2018-6177 chromium-browser: Cross origin information leak in Blink
1608202 - CVE-2018-6178 chromium-browser: UI spoof in Extensions
1608203 - CVE-2018-6179 chromium-browser: Local file information leak in Extensions
1608204 - CVE-2018-6044 chromium-browser: Request privilege escalation in Extensions
1608205 - CVE-2018-4117 chromium-browser: Cross origin information leak in Blink
1608206 - CVE-2018-6150 chromium-browser: Cross origin information disclosure in Service Workers
1608207 - CVE-2018-6151 chromium-browser: Bad cast in DevTools
1608208 - CVE-2018-6152 chromium-browser: Local file write in DevTools
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
chromium-browser-68.0.3440.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.i686.rpm
x86_64:
chromium-browser-68.0.3440.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
chromium-browser-68.0.3440.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.i686.rpm
x86_64:
chromium-browser-68.0.3440.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
chromium-browser-68.0.3440.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.i686.rpm
x86_64:
chromium-browser-68.0.3440.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-4117
https://access.redhat.com/security/cve/CVE-2018-6044
https://access.redhat.com/security/cve/CVE-2018-6150
https://access.redhat.com/security/cve/CVE-2018-6151
https://access.redhat.com/security/cve/CVE-2018-6152
https://access.redhat.com/security/cve/CVE-2018-6153
https://access.redhat.com/security/cve/CVE-2018-6154
https://access.redhat.com/security/cve/CVE-2018-6155
https://access.redhat.com/security/cve/CVE-2018-6156
https://access.redhat.com/security/cve/CVE-2018-6157
https://access.redhat.com/security/cve/CVE-2018-6158
https://access.redhat.com/security/cve/CVE-2018-6159
https://access.redhat.com/security/cve/CVE-2018-6161
https://access.redhat.com/security/cve/CVE-2018-6162
https://access.redhat.com/security/cve/CVE-2018-6163
https://access.redhat.com/security/cve/CVE-2018-6164
https://access.redhat.com/security/cve/CVE-2018-6165
https://access.redhat.com/security/cve/CVE-2018-6166
https://access.redhat.com/security/cve/CVE-2018-6167
https://access.redhat.com/security/cve/CVE-2018-6168
https://access.redhat.com/security/cve/CVE-2018-6169
https://access.redhat.com/security/cve/CVE-2018-6170
https://access.redhat.com/security/cve/CVE-2018-6171
https://access.redhat.com/security/cve/CVE-2018-6172
https://access.redhat.com/security/cve/CVE-2018-6173
https://access.redhat.com/security/cve/CVE-2018-6174
https://access.redhat.com/security/cve/CVE-2018-6175
https://access.redhat.com/security/cve/CVE-2018-6176
https://access.redhat.com/security/cve/CVE-2018-6177
https://access.redhat.com/security/cve/CVE-2018-6178
https://access.redhat.com/security/cve/CVE-2018-6179
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBW18qZtzjgjWX9erEAQhZ2w/+O2aOCGCk2DIKqwT/ErfmvasFiNz7u8I1
+yPMYTQ1NFrs8cjt/ym7PH50aFOMS/YO3n/YL5ROLzoDW/PqXvJdxvi9opWG958V
ftc20yBBa4EdJExqkKQYefxg9qD4emt6jkVBzSd/xZ3XcF50oKBG0m1aEPmCzM/G
+o3ohQPiKgAMXJMtqTvSXxy1dV0LuoFOWYS6FPrO2F2MzY0Vd8/GXP1bnxqqqYxT
ohA0f2yoPWVGzQQBRGCeHvTjv6Mt0PdGejKAoUxptgXenOQ9xAyRBuhSBkvBXAAN
3m+pEmWpHdOdEWoiIx07QcaH408ji+gs2oMSybS16PUwe9VsuOOJBOgFSLjxdb3d
bzUjIKZHHscjxA1KIVtAx2JdqTLUKlSjSvaaZxa5d/wFq2UticBM8+EotuIOdE5J
6BVLVX+0GUCizPNbgC2f4i2G3xd60uiym9KP70Z7X+W7vMl9qXcab+GOJCAufwY8
+dfchywwsT19FdQLBJEjKPm7b33FNdr0oLvg6D5RK4pdJMYiEXoCt6ElLBBQzSEA
3vXsagWAaeDEBsLeDNapkLh1BHUx86iMVLGUtiwFgbtAXg7Jbz82AHZmtwT1bf6I
KR7aOFFs2zKjRSuQDQZlOPNQVCt04+NbMZYEw6cHIT/+wX7ZrXaNZp+4tTo9gnOf
R1+VLpZrH1Q=jHL1
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 68.0.3440.75 >= 68.0.3440.75
2 www-client/google-chrome
< 68.0.3440.75 >= 68.0.3440.75
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers and Google Chrome
Releases for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-68.0.3440.75"
All Google Chrome users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/google-chrome-68.0.3440.75"
References
==========
[ 1 ] CVE-2018-4117
https://nvd.nist.gov/vuln/detail/CVE-2018-4117
[ 2 ] CVE-2018-6044
https://nvd.nist.gov/vuln/detail/CVE-2018-6044
[ 3 ] CVE-2018-6150
https://nvd.nist.gov/vuln/detail/CVE-2018-6150
[ 4 ] CVE-2018-6151
https://nvd.nist.gov/vuln/detail/CVE-2018-6151
[ 5 ] CVE-2018-6152
https://nvd.nist.gov/vuln/detail/CVE-2018-6152
[ 6 ] CVE-2018-6153
https://nvd.nist.gov/vuln/detail/CVE-2018-6153
[ 7 ] CVE-2018-6154
https://nvd.nist.gov/vuln/detail/CVE-2018-6154
[ 8 ] CVE-2018-6155
https://nvd.nist.gov/vuln/detail/CVE-2018-6155
[ 9 ] CVE-2018-6156
https://nvd.nist.gov/vuln/detail/CVE-2018-6156
[ 10 ] CVE-2018-6157
https://nvd.nist.gov/vuln/detail/CVE-2018-6157
[ 11 ] CVE-2018-6158
https://nvd.nist.gov/vuln/detail/CVE-2018-6158
[ 12 ] CVE-2018-6159
https://nvd.nist.gov/vuln/detail/CVE-2018-6159
[ 13 ] CVE-2018-6160
https://nvd.nist.gov/vuln/detail/CVE-2018-6160
[ 14 ] CVE-2018-6161
https://nvd.nist.gov/vuln/detail/CVE-2018-6161
[ 15 ] CVE-2018-6162
https://nvd.nist.gov/vuln/detail/CVE-2018-6162
[ 16 ] CVE-2018-6163
https://nvd.nist.gov/vuln/detail/CVE-2018-6163
[ 17 ] CVE-2018-6164
https://nvd.nist.gov/vuln/detail/CVE-2018-6164
[ 18 ] CVE-2018-6165
https://nvd.nist.gov/vuln/detail/CVE-2018-6165
[ 19 ] CVE-2018-6166
https://nvd.nist.gov/vuln/detail/CVE-2018-6166
[ 20 ] CVE-2018-6167
https://nvd.nist.gov/vuln/detail/CVE-2018-6167
[ 21 ] CVE-2018-6168
https://nvd.nist.gov/vuln/detail/CVE-2018-6168
[ 22 ] CVE-2018-6169
https://nvd.nist.gov/vuln/detail/CVE-2018-6169
[ 23 ] CVE-2018-6170
https://nvd.nist.gov/vuln/detail/CVE-2018-6170
[ 24 ] CVE-2018-6171
https://nvd.nist.gov/vuln/detail/CVE-2018-6171
[ 25 ] CVE-2018-6172
https://nvd.nist.gov/vuln/detail/CVE-2018-6172
[ 26 ] CVE-2018-6173
https://nvd.nist.gov/vuln/detail/CVE-2018-6173
[ 27 ] CVE-2018-6174
https://nvd.nist.gov/vuln/detail/CVE-2018-6174
[ 28 ] CVE-2018-6175
https://nvd.nist.gov/vuln/detail/CVE-2018-6175
[ 29 ] CVE-2018-6176
https://nvd.nist.gov/vuln/detail/CVE-2018-6176
[ 30 ] CVE-2018-6177
https://nvd.nist.gov/vuln/detail/CVE-2018-6177
[ 31 ] CVE-2018-6178
https://nvd.nist.gov/vuln/detail/CVE-2018-6178
[ 32 ] CVE-2018-6179
https://nvd.nist.gov/vuln/detail/CVE-2018-6179
[ 33 ] CVE-2108-6150
https://nvd.nist.gov/vuln/detail/CVE-2108-6150
[ 34 ] Google Chrome 68.0.3440.75 release announcement
https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201808-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-201804-1163 | CVE-2018-4163 | Apple Safari Math sqrt Type Confusion Remote Code Execution Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: August 22, 2018
Bugs: #652820, #658168, #662974
ID: 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"
References
==========
[ 1 ] CVE-2018-11646
https://nvd.nist.gov/vuln/detail/CVE-2018-11646
[ 2 ] CVE-2018-11712
https://nvd.nist.gov/vuln/detail/CVE-2018-11712
[ 3 ] CVE-2018-11713
https://nvd.nist.gov/vuln/detail/CVE-2018-11713
[ 4 ] CVE-2018-12293
https://nvd.nist.gov/vuln/detail/CVE-2018-12293
[ 5 ] CVE-2018-12294
https://nvd.nist.gov/vuln/detail/CVE-2018-12294
[ 6 ] CVE-2018-4101
https://nvd.nist.gov/vuln/detail/CVE-2018-4101
[ 7 ] CVE-2018-4113
https://nvd.nist.gov/vuln/detail/CVE-2018-4113
[ 8 ] CVE-2018-4114
https://nvd.nist.gov/vuln/detail/CVE-2018-4114
[ 9 ] CVE-2018-4117
https://nvd.nist.gov/vuln/detail/CVE-2018-4117
[ 10 ] CVE-2018-4118
https://nvd.nist.gov/vuln/detail/CVE-2018-4118
[ 11 ] CVE-2018-4119
https://nvd.nist.gov/vuln/detail/CVE-2018-4119
[ 12 ] CVE-2018-4120
https://nvd.nist.gov/vuln/detail/CVE-2018-4120
[ 13 ] CVE-2018-4121
https://nvd.nist.gov/vuln/detail/CVE-2018-4121
[ 14 ] CVE-2018-4122
https://nvd.nist.gov/vuln/detail/CVE-2018-4122
[ 15 ] CVE-2018-4125
https://nvd.nist.gov/vuln/detail/CVE-2018-4125
[ 16 ] CVE-2018-4127
https://nvd.nist.gov/vuln/detail/CVE-2018-4127
[ 17 ] CVE-2018-4128
https://nvd.nist.gov/vuln/detail/CVE-2018-4128
[ 18 ] CVE-2018-4129
https://nvd.nist.gov/vuln/detail/CVE-2018-4129
[ 19 ] CVE-2018-4133
https://nvd.nist.gov/vuln/detail/CVE-2018-4133
[ 20 ] CVE-2018-4146
https://nvd.nist.gov/vuln/detail/CVE-2018-4146
[ 21 ] CVE-2018-4162
https://nvd.nist.gov/vuln/detail/CVE-2018-4162
[ 22 ] CVE-2018-4163
https://nvd.nist.gov/vuln/detail/CVE-2018-4163
[ 23 ] CVE-2018-4165
https://nvd.nist.gov/vuln/detail/CVE-2018-4165
[ 24 ] CVE-2018-4190
https://nvd.nist.gov/vuln/detail/CVE-2018-4190
[ 25 ] CVE-2018-4192
https://nvd.nist.gov/vuln/detail/CVE-2018-4192
[ 26 ] CVE-2018-4199
https://nvd.nist.gov/vuln/detail/CVE-2018-4199
[ 27 ] CVE-2018-4200
https://nvd.nist.gov/vuln/detail/CVE-2018-4200
[ 28 ] CVE-2018-4201
https://nvd.nist.gov/vuln/detail/CVE-2018-4201
[ 29 ] CVE-2018-4204
https://nvd.nist.gov/vuln/detail/CVE-2018-4204
[ 30 ] CVE-2018-4214
https://nvd.nist.gov/vuln/detail/CVE-2018-4214
[ 31 ] CVE-2018-4218
https://nvd.nist.gov/vuln/detail/CVE-2018-4218
[ 32 ] CVE-2018-4222
https://nvd.nist.gov/vuln/detail/CVE-2018-4222
[ 33 ] CVE-2018-4232
https://nvd.nist.gov/vuln/detail/CVE-2018-4232
[ 34 ] CVE-2018-4233
https://nvd.nist.gov/vuln/detail/CVE-2018-4233
[ 35 ] CVE-2018-4261
https://nvd.nist.gov/vuln/detail/CVE-2018-4261
[ 36 ] CVE-2018-4262
https://nvd.nist.gov/vuln/detail/CVE-2018-4262
[ 37 ] CVE-2018-4263
https://nvd.nist.gov/vuln/detail/CVE-2018-4263
[ 38 ] CVE-2018-4264
https://nvd.nist.gov/vuln/detail/CVE-2018-4264
[ 39 ] CVE-2018-4265
https://nvd.nist.gov/vuln/detail/CVE-2018-4265
[ 40 ] CVE-2018-4266
https://nvd.nist.gov/vuln/detail/CVE-2018-4266
[ 41 ] CVE-2018-4267
https://nvd.nist.gov/vuln/detail/CVE-2018-4267
[ 42 ] CVE-2018-4270
https://nvd.nist.gov/vuln/detail/CVE-2018-4270
[ 43 ] CVE-2018-4272
https://nvd.nist.gov/vuln/detail/CVE-2018-4272
[ 44 ] CVE-2018-4273
https://nvd.nist.gov/vuln/detail/CVE-2018-4273
[ 45 ] CVE-2018-4278
https://nvd.nist.gov/vuln/detail/CVE-2018-4278
[ 46 ] CVE-2018-4284
https://nvd.nist.gov/vuln/detail/CVE-2018-4284
[ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003
https://webkitgtk.org/security/WSA-2018-0003.html
[ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004
https://webkitgtk.org/security/WSA-2018-0004.html
[ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005
https://webkitgtk.org/security/WSA-2018-0005.html
[ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006
https://webkitgtk.org/security/WSA-2018-0006.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201808-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------
Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html
CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,
CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,
CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,
CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,
CVE-2018-4162, CVE-2018-4163, CVE-2018-4165.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Yuan Deng of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to OSS-Fuzz.
Impact: Unexpected interaction with indexing types causing an ASSERT
failure. Description: An array indexing issue existed in the
handling of a function in JavaScriptCore. This issue was addressed
through improved checks.
Credit to OSS-Fuzz. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher.
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
Credit to Jun Kokatsu (@shhnjk). Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Zach Markley. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to likemeng of Baidu Security Lab working with Trend Micro's
Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify
(detectify.com), Yuji Tounai of NTT Communications Corporation.
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack. This issue was addressed with improved URL
validation.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to a
denial of service. Description: A memory corruption issue was
addressed through improved input validation.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption
issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
April 04, 2018
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-2 watchOS 4.3
watchOS 4.3 is now available and addresses the following:
CoreFoundation
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: All Apple Watch models
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA//
QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY
v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7
43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry
XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn
/Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP
Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U
TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z
ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw
+tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU
jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i
ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU=
=FEXo
-----END PGP SIGNATURE-----
. ==========================================================================
Ubuntu Security Notice USN-3635-1
April 30, 2018
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3635-1
CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117,
CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122,
CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162,
CVE-2018-4163, CVE-2018-4165
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1
.
CVE-2018-4102: Kai Zhao of 3H security team
CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab
(tencent.com)
Safari Login AutoFill
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
Safari 11.1 may be obtained from the Mac App Store
| VAR-201804-1182 | CVE-2018-4122 | plural Apple Used in products WebKit Vulnerability in arbitrary code execution in components |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: August 22, 2018
Bugs: #652820, #658168, #662974
ID: 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"
References
==========
[ 1 ] CVE-2018-11646
https://nvd.nist.gov/vuln/detail/CVE-2018-11646
[ 2 ] CVE-2018-11712
https://nvd.nist.gov/vuln/detail/CVE-2018-11712
[ 3 ] CVE-2018-11713
https://nvd.nist.gov/vuln/detail/CVE-2018-11713
[ 4 ] CVE-2018-12293
https://nvd.nist.gov/vuln/detail/CVE-2018-12293
[ 5 ] CVE-2018-12294
https://nvd.nist.gov/vuln/detail/CVE-2018-12294
[ 6 ] CVE-2018-4101
https://nvd.nist.gov/vuln/detail/CVE-2018-4101
[ 7 ] CVE-2018-4113
https://nvd.nist.gov/vuln/detail/CVE-2018-4113
[ 8 ] CVE-2018-4114
https://nvd.nist.gov/vuln/detail/CVE-2018-4114
[ 9 ] CVE-2018-4117
https://nvd.nist.gov/vuln/detail/CVE-2018-4117
[ 10 ] CVE-2018-4118
https://nvd.nist.gov/vuln/detail/CVE-2018-4118
[ 11 ] CVE-2018-4119
https://nvd.nist.gov/vuln/detail/CVE-2018-4119
[ 12 ] CVE-2018-4120
https://nvd.nist.gov/vuln/detail/CVE-2018-4120
[ 13 ] CVE-2018-4121
https://nvd.nist.gov/vuln/detail/CVE-2018-4121
[ 14 ] CVE-2018-4122
https://nvd.nist.gov/vuln/detail/CVE-2018-4122
[ 15 ] CVE-2018-4125
https://nvd.nist.gov/vuln/detail/CVE-2018-4125
[ 16 ] CVE-2018-4127
https://nvd.nist.gov/vuln/detail/CVE-2018-4127
[ 17 ] CVE-2018-4128
https://nvd.nist.gov/vuln/detail/CVE-2018-4128
[ 18 ] CVE-2018-4129
https://nvd.nist.gov/vuln/detail/CVE-2018-4129
[ 19 ] CVE-2018-4133
https://nvd.nist.gov/vuln/detail/CVE-2018-4133
[ 20 ] CVE-2018-4146
https://nvd.nist.gov/vuln/detail/CVE-2018-4146
[ 21 ] CVE-2018-4162
https://nvd.nist.gov/vuln/detail/CVE-2018-4162
[ 22 ] CVE-2018-4163
https://nvd.nist.gov/vuln/detail/CVE-2018-4163
[ 23 ] CVE-2018-4165
https://nvd.nist.gov/vuln/detail/CVE-2018-4165
[ 24 ] CVE-2018-4190
https://nvd.nist.gov/vuln/detail/CVE-2018-4190
[ 25 ] CVE-2018-4192
https://nvd.nist.gov/vuln/detail/CVE-2018-4192
[ 26 ] CVE-2018-4199
https://nvd.nist.gov/vuln/detail/CVE-2018-4199
[ 27 ] CVE-2018-4200
https://nvd.nist.gov/vuln/detail/CVE-2018-4200
[ 28 ] CVE-2018-4201
https://nvd.nist.gov/vuln/detail/CVE-2018-4201
[ 29 ] CVE-2018-4204
https://nvd.nist.gov/vuln/detail/CVE-2018-4204
[ 30 ] CVE-2018-4214
https://nvd.nist.gov/vuln/detail/CVE-2018-4214
[ 31 ] CVE-2018-4218
https://nvd.nist.gov/vuln/detail/CVE-2018-4218
[ 32 ] CVE-2018-4222
https://nvd.nist.gov/vuln/detail/CVE-2018-4222
[ 33 ] CVE-2018-4232
https://nvd.nist.gov/vuln/detail/CVE-2018-4232
[ 34 ] CVE-2018-4233
https://nvd.nist.gov/vuln/detail/CVE-2018-4233
[ 35 ] CVE-2018-4261
https://nvd.nist.gov/vuln/detail/CVE-2018-4261
[ 36 ] CVE-2018-4262
https://nvd.nist.gov/vuln/detail/CVE-2018-4262
[ 37 ] CVE-2018-4263
https://nvd.nist.gov/vuln/detail/CVE-2018-4263
[ 38 ] CVE-2018-4264
https://nvd.nist.gov/vuln/detail/CVE-2018-4264
[ 39 ] CVE-2018-4265
https://nvd.nist.gov/vuln/detail/CVE-2018-4265
[ 40 ] CVE-2018-4266
https://nvd.nist.gov/vuln/detail/CVE-2018-4266
[ 41 ] CVE-2018-4267
https://nvd.nist.gov/vuln/detail/CVE-2018-4267
[ 42 ] CVE-2018-4270
https://nvd.nist.gov/vuln/detail/CVE-2018-4270
[ 43 ] CVE-2018-4272
https://nvd.nist.gov/vuln/detail/CVE-2018-4272
[ 44 ] CVE-2018-4273
https://nvd.nist.gov/vuln/detail/CVE-2018-4273
[ 45 ] CVE-2018-4278
https://nvd.nist.gov/vuln/detail/CVE-2018-4278
[ 46 ] CVE-2018-4284
https://nvd.nist.gov/vuln/detail/CVE-2018-4284
[ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003
https://webkitgtk.org/security/WSA-2018-0003.html
[ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004
https://webkitgtk.org/security/WSA-2018-0004.html
[ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005
https://webkitgtk.org/security/WSA-2018-0005.html
[ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006
https://webkitgtk.org/security/WSA-2018-0006.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201808-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------
Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html
CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,
CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,
CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,
CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,
CVE-2018-4162, CVE-2018-4163, CVE-2018-4165.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Yuan Deng of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to OSS-Fuzz.
Impact: Unexpected interaction with indexing types causing an ASSERT
failure. Description: An array indexing issue existed in the
handling of a function in JavaScriptCore. This issue was addressed
through improved checks.
Credit to OSS-Fuzz. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher.
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
Credit to Jun Kokatsu (@shhnjk). Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Zach Markley. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to likemeng of Baidu Security Lab working with Trend Micro's
Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify
(detectify.com), Yuji Tounai of NTT Communications Corporation.
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack. This issue was addressed with improved URL
validation.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to a
denial of service. Description: A memory corruption issue was
addressed through improved input validation.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption
issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
April 04, 2018
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-2 watchOS 4.3
watchOS 4.3 is now available and addresses the following:
CoreFoundation
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: All Apple Watch models
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA//
QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY
v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7
43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry
XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn
/Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP
Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U
TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z
ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw
+tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU
jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i
ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU=
=FEXo
-----END PGP SIGNATURE-----
. ==========================================================================
Ubuntu Security Notice USN-3635-1
April 30, 2018
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3635-1
CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117,
CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122,
CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162,
CVE-2018-4163, CVE-2018-4165
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1
.
CVE-2018-4102: Kai Zhao of 3H security team
CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab
(tencent.com)
Safari Login AutoFill
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
Safari 11.1 may be obtained from the Mac App Store
| VAR-201804-1161 | CVE-2018-4161 | plural Apple Used in products WebKit Vulnerability in arbitrary code execution in components |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------
Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html
CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,
CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,
CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,
CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,
CVE-2018-4162, CVE-2018-4163, CVE-2018-4165.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Yuan Deng of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to OSS-Fuzz.
Impact: Unexpected interaction with indexing types causing an ASSERT
failure. Description: An array indexing issue existed in the
handling of a function in JavaScriptCore. This issue was addressed
through improved checks.
Credit to OSS-Fuzz. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher.
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
Credit to Jun Kokatsu (@shhnjk). Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Zach Markley. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to likemeng of Baidu Security Lab working with Trend Micro's
Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify
(detectify.com), Yuji Tounai of NTT Communications Corporation.
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack. This issue was addressed with improved URL
validation.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to a
denial of service. Description: A memory corruption issue was
addressed through improved input validation.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption
issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
April 04, 2018
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-2 watchOS 4.3
watchOS 4.3 is now available and addresses the following:
CoreFoundation
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: All Apple Watch models
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA//
QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY
v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7
43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry
XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn
/Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP
Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U
TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z
ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw
+tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU
jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i
ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU=
=FEXo
-----END PGP SIGNATURE-----
.
CVE-2018-4102: Kai Zhao of 3H security team
CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab
(tencent.com)
Safari Login AutoFill
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
Safari 11.1 may be obtained from the Mac App Store
| VAR-201804-1162 | CVE-2018-4162 | plural Apple Used in products WebKit Vulnerability in arbitrary code execution in components |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of comparison operators in JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: August 22, 2018
Bugs: #652820, #658168, #662974
ID: 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"
References
==========
[ 1 ] CVE-2018-11646
https://nvd.nist.gov/vuln/detail/CVE-2018-11646
[ 2 ] CVE-2018-11712
https://nvd.nist.gov/vuln/detail/CVE-2018-11712
[ 3 ] CVE-2018-11713
https://nvd.nist.gov/vuln/detail/CVE-2018-11713
[ 4 ] CVE-2018-12293
https://nvd.nist.gov/vuln/detail/CVE-2018-12293
[ 5 ] CVE-2018-12294
https://nvd.nist.gov/vuln/detail/CVE-2018-12294
[ 6 ] CVE-2018-4101
https://nvd.nist.gov/vuln/detail/CVE-2018-4101
[ 7 ] CVE-2018-4113
https://nvd.nist.gov/vuln/detail/CVE-2018-4113
[ 8 ] CVE-2018-4114
https://nvd.nist.gov/vuln/detail/CVE-2018-4114
[ 9 ] CVE-2018-4117
https://nvd.nist.gov/vuln/detail/CVE-2018-4117
[ 10 ] CVE-2018-4118
https://nvd.nist.gov/vuln/detail/CVE-2018-4118
[ 11 ] CVE-2018-4119
https://nvd.nist.gov/vuln/detail/CVE-2018-4119
[ 12 ] CVE-2018-4120
https://nvd.nist.gov/vuln/detail/CVE-2018-4120
[ 13 ] CVE-2018-4121
https://nvd.nist.gov/vuln/detail/CVE-2018-4121
[ 14 ] CVE-2018-4122
https://nvd.nist.gov/vuln/detail/CVE-2018-4122
[ 15 ] CVE-2018-4125
https://nvd.nist.gov/vuln/detail/CVE-2018-4125
[ 16 ] CVE-2018-4127
https://nvd.nist.gov/vuln/detail/CVE-2018-4127
[ 17 ] CVE-2018-4128
https://nvd.nist.gov/vuln/detail/CVE-2018-4128
[ 18 ] CVE-2018-4129
https://nvd.nist.gov/vuln/detail/CVE-2018-4129
[ 19 ] CVE-2018-4133
https://nvd.nist.gov/vuln/detail/CVE-2018-4133
[ 20 ] CVE-2018-4146
https://nvd.nist.gov/vuln/detail/CVE-2018-4146
[ 21 ] CVE-2018-4162
https://nvd.nist.gov/vuln/detail/CVE-2018-4162
[ 22 ] CVE-2018-4163
https://nvd.nist.gov/vuln/detail/CVE-2018-4163
[ 23 ] CVE-2018-4165
https://nvd.nist.gov/vuln/detail/CVE-2018-4165
[ 24 ] CVE-2018-4190
https://nvd.nist.gov/vuln/detail/CVE-2018-4190
[ 25 ] CVE-2018-4192
https://nvd.nist.gov/vuln/detail/CVE-2018-4192
[ 26 ] CVE-2018-4199
https://nvd.nist.gov/vuln/detail/CVE-2018-4199
[ 27 ] CVE-2018-4200
https://nvd.nist.gov/vuln/detail/CVE-2018-4200
[ 28 ] CVE-2018-4201
https://nvd.nist.gov/vuln/detail/CVE-2018-4201
[ 29 ] CVE-2018-4204
https://nvd.nist.gov/vuln/detail/CVE-2018-4204
[ 30 ] CVE-2018-4214
https://nvd.nist.gov/vuln/detail/CVE-2018-4214
[ 31 ] CVE-2018-4218
https://nvd.nist.gov/vuln/detail/CVE-2018-4218
[ 32 ] CVE-2018-4222
https://nvd.nist.gov/vuln/detail/CVE-2018-4222
[ 33 ] CVE-2018-4232
https://nvd.nist.gov/vuln/detail/CVE-2018-4232
[ 34 ] CVE-2018-4233
https://nvd.nist.gov/vuln/detail/CVE-2018-4233
[ 35 ] CVE-2018-4261
https://nvd.nist.gov/vuln/detail/CVE-2018-4261
[ 36 ] CVE-2018-4262
https://nvd.nist.gov/vuln/detail/CVE-2018-4262
[ 37 ] CVE-2018-4263
https://nvd.nist.gov/vuln/detail/CVE-2018-4263
[ 38 ] CVE-2018-4264
https://nvd.nist.gov/vuln/detail/CVE-2018-4264
[ 39 ] CVE-2018-4265
https://nvd.nist.gov/vuln/detail/CVE-2018-4265
[ 40 ] CVE-2018-4266
https://nvd.nist.gov/vuln/detail/CVE-2018-4266
[ 41 ] CVE-2018-4267
https://nvd.nist.gov/vuln/detail/CVE-2018-4267
[ 42 ] CVE-2018-4270
https://nvd.nist.gov/vuln/detail/CVE-2018-4270
[ 43 ] CVE-2018-4272
https://nvd.nist.gov/vuln/detail/CVE-2018-4272
[ 44 ] CVE-2018-4273
https://nvd.nist.gov/vuln/detail/CVE-2018-4273
[ 45 ] CVE-2018-4278
https://nvd.nist.gov/vuln/detail/CVE-2018-4278
[ 46 ] CVE-2018-4284
https://nvd.nist.gov/vuln/detail/CVE-2018-4284
[ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003
https://webkitgtk.org/security/WSA-2018-0003.html
[ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004
https://webkitgtk.org/security/WSA-2018-0004.html
[ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005
https://webkitgtk.org/security/WSA-2018-0005.html
[ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006
https://webkitgtk.org/security/WSA-2018-0006.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201808-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------
Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html
CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,
CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,
CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,
CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,
CVE-2018-4162, CVE-2018-4163, CVE-2018-4165.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Yuan Deng of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to OSS-Fuzz.
Impact: Unexpected interaction with indexing types causing an ASSERT
failure. Description: An array indexing issue existed in the
handling of a function in JavaScriptCore. This issue was addressed
through improved checks.
Credit to OSS-Fuzz. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher.
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
Credit to Jun Kokatsu (@shhnjk). Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Zach Markley. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to likemeng of Baidu Security Lab working with Trend Micro's
Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify
(detectify.com), Yuji Tounai of NTT Communications Corporation.
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack. This issue was addressed with improved URL
validation.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to a
denial of service. Description: A memory corruption issue was
addressed through improved input validation.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption
issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
April 04, 2018
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-2 watchOS 4.3
watchOS 4.3 is now available and addresses the following:
CoreFoundation
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: All Apple Watch models
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA//
QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY
v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7
43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry
XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn
/Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP
Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U
TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z
ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw
+tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU
jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i
ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU=
=FEXo
-----END PGP SIGNATURE-----
. ==========================================================================
Ubuntu Security Notice USN-3635-1
April 30, 2018
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3635-1
CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117,
CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122,
CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162,
CVE-2018-4163, CVE-2018-4165
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1
.
CVE-2018-4102: Kai Zhao of 3H security team
CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab
(tencent.com)
Safari Login AutoFill
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
Safari 11.1 may be obtained from the Mac App Store
| VAR-201804-1216 | CVE-2018-4104 | plural Apple Vulnerability in the kernel component of the product that bypasses memory read restrictions |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. plural Apple A vulnerability exists in the product kernel component that bypasses memory read restrictions.An attacker could bypass the memory read limit through a crafted application. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. watchOS is a smart watch operating system. The following products and versions are affected: Apple prior to 11.3; macOS High Sierra prior to 10.13.4; tvOS prior to 11.3; watchOS prior to 4.3.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-1 iOS 11.3
iOS 11.3 is now available and addresses the following:
Clock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
see the email address used for iTunes
Description: An information disclosure issue existed in the handling
of alarms and timers. This issue was addressed through improved
access restrictions.
CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Files Widget
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: File Widget may display contents on a locked device
Description: The File Widget was displaying cached data when in the
locked state. This issue was addressed with improved state
management.
CVE-2018-4168: Brandon Moore
Find My iPhone
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to the device may be able to
disable Find My iPhone without entering an iCloud password
Description: A state management issue existed when restoring from a
back up. This issue was addressed through improved state checking
during restore.
CVE-2018-4172: Viljami VastamA$?ki
iCloud Drive
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4151: Samuel GroA (@5aelo)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept the contents of S/MIME-encrypted e-mail
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4174: an anonymous researcher, an anonymous researcher
NSURLSession
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
PluginKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4156: Samuel GroA (@5aelo)
Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang
Zeng (@Wester) of Tencent Security Platform Department
Safari Login AutoFill
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place. The issue was addressed through
improved autofill heuristics.
CVE-2018-4137:
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: A state management issue was addressed by disabling text
input until the destination page loads.
CVE-2018-4149: Abhinash Jain (@abhinashjain)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
Storage
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4154: Samuel GroA (@5aelo)
System Preferences
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
Telephony
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed when handling
Class 0 SMS messages. This issue was addressed through improved
message validation.
CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV
Web App
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cookies may unexpectedly persist in web app
Description: A cookie management issue was addressed through improved
state management.
CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4118: Jun Kokatsu (@shhnjk)
CVE-2018-4119: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4127: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4128: Zach Markley
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
WindowServer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An unprivileged application may be able to log keystrokes
entered into other applications even when secure input mode is
enabled
Description: By scanning key states, an unprivileged application
could log keystrokes entered into other applications even when secure
input mode was enabled. This issue was addressed by improved state
management.
CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbhLRAA
to9k0U/CI3PfYp2o2lluS7LgE3jvA7+pXvdjbvoh14BFHf9Wv+yhdtyLQEDSne+0
TM8BkiMgEmo+uKKcVFCDeV9GrkWqO7ocBfT65hj4A/vxPAS6xlBTV9mjZXiqvSWs
+Cbb4Nd53o6m2QRORkjNVZ2h0ow53J5RirnyzjWt4LMdCpc4jMG87OCuQheKzjxq
g6gOlwblVrRxH6aMX5if/SetGGxzZeY5sKwe1Xhz6yIYsm1Gw45REt3FJs4KEh5Z
oL+yWVvaGLOPDzC+DBX0dXJmsqLx9wzDJsqQ2J6Mb/nh1Tgh6NDdHkDCAZ7P6CeU
0IpXK7aaPkRy5GUbkAdzdPEFql9e0/jGlqMf/rZlNTItbgtn0+9e2zsJ0UPPRcWi
+7IQygkXnXmYUZ0wrh/Wdye/jAJZpLdsUuWr1RalTdmDASU/tzgpoglf3EyTQoRy
IqFGRSe6+no8Pw1qCLUvZz8C6dTKvE+Jv5oe9XbCEjsvpRmQZK64FiQ0HIaAMHKo
Rl9OY6+evzyqdAtivE4AFCRT7Z15pktFYAVefWkdVFbVU2mCYF+peXIq6tGg4o+g
70E29XaDZBakcVho9bW4e2rDA+m606ILuZ4AyjEEvfRYH+d+WTvDqdIywq0V7grj
qlU787sRw/tVx646jcHVqbYZEgZVmeAvcT8C2c0Zhvo=
=RJi8
-----END PGP SIGNATURE-----
| VAR-201804-1196 | CVE-2018-4137 | Apple iOS and Safari of Safari Login AutoFill Vulnerability in reading autocompleted data in components |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement. Both Apple iOS and Safari are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-1 iOS 11.3
iOS 11.3 is now available and addresses the following:
Clock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
see the email address used for iTunes
Description: An information disclosure issue existed in the handling
of alarms and timers. This issue was addressed through improved
access restrictions.
CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Files Widget
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: File Widget may display contents on a locked device
Description: The File Widget was displaying cached data when in the
locked state. This issue was addressed with improved state
management.
CVE-2018-4168: Brandon Moore
Find My iPhone
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to the device may be able to
disable Find My iPhone without entering an iCloud password
Description: A state management issue existed when restoring from a
back up. This issue was addressed through improved state checking
during restore.
CVE-2018-4172: Viljami VastamA$?ki
iCloud Drive
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4151: Samuel GroA (@5aelo)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept the contents of S/MIME-encrypted e-mail
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4174: an anonymous researcher, an anonymous researcher
NSURLSession
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
PluginKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4156: Samuel GroA (@5aelo)
Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang
Zeng (@Wester) of Tencent Security Platform Department
Safari Login AutoFill
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place. The issue was addressed through
improved autofill heuristics.
CVE-2018-4137:
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: A state management issue was addressed by disabling text
input until the destination page loads.
CVE-2018-4149: Abhinash Jain (@abhinashjain)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
Storage
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4154: Samuel GroA (@5aelo)
System Preferences
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
Telephony
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed when handling
Class 0 SMS messages. This issue was addressed through improved
message validation.
CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV
Web App
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cookies may unexpectedly persist in web app
Description: A cookie management issue was addressed through improved
state management.
CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4118: Jun Kokatsu (@shhnjk)
CVE-2018-4119: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4127: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4128: Zach Markley
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
WindowServer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An unprivileged application may be able to log keystrokes
entered into other applications even when secure input mode is
enabled
Description: By scanning key states, an unprivileged application
could log keystrokes entered into other applications even when secure
input mode was enabled. This issue was addressed by improved state
management.
CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbhLRAA
to9k0U/CI3PfYp2o2lluS7LgE3jvA7+pXvdjbvoh14BFHf9Wv+yhdtyLQEDSne+0
TM8BkiMgEmo+uKKcVFCDeV9GrkWqO7ocBfT65hj4A/vxPAS6xlBTV9mjZXiqvSWs
+Cbb4Nd53o6m2QRORkjNVZ2h0ow53J5RirnyzjWt4LMdCpc4jMG87OCuQheKzjxq
g6gOlwblVrRxH6aMX5if/SetGGxzZeY5sKwe1Xhz6yIYsm1Gw45REt3FJs4KEh5Z
oL+yWVvaGLOPDzC+DBX0dXJmsqLx9wzDJsqQ2J6Mb/nh1Tgh6NDdHkDCAZ7P6CeU
0IpXK7aaPkRy5GUbkAdzdPEFql9e0/jGlqMf/rZlNTItbgtn0+9e2zsJ0UPPRcWi
+7IQygkXnXmYUZ0wrh/Wdye/jAJZpLdsUuWr1RalTdmDASU/tzgpoglf3EyTQoRy
IqFGRSe6+no8Pw1qCLUvZz8C6dTKvE+Jv5oe9XbCEjsvpRmQZK64FiQ0HIaAMHKo
Rl9OY6+evzyqdAtivE4AFCRT7Z15pktFYAVefWkdVFbVU2mCYF+peXIq6tGg4o+g
70E29XaDZBakcVho9bW4e2rDA+m606ILuZ4AyjEEvfRYH+d+WTvDqdIywq0V7grj
qlU787sRw/tVx646jcHVqbYZEgZVmeAvcT8C2c0Zhvo=
=RJi8
-----END PGP SIGNATURE-----
.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Visiting a maliciously crafted website may lead to a
cross-site scripting attack
Description: A cross-site scripting issue existed in Safari.
Installation note:
Safari 11.1 may be obtained from the Mac App Store
| VAR-201804-1189 | CVE-2018-4130 | plural Apple Used in products Webkit Vulnerability in arbitrary code execution in components |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of WebGL. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 11.3; Safari prior to 11.1; Windows-based iCloud prior to 7.4; Windows-based iTunes prior to 12.7.4; tvOS prior to 11.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-1 iOS 11.3
iOS 11.3 is now available and addresses the following:
Clock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
see the email address used for iTunes
Description: An information disclosure issue existed in the handling
of alarms and timers. This issue was addressed through improved
access restrictions.
CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Files Widget
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: File Widget may display contents on a locked device
Description: The File Widget was displaying cached data when in the
locked state. This issue was addressed with improved state
management.
CVE-2018-4168: Brandon Moore
Find My iPhone
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to the device may be able to
disable Find My iPhone without entering an iCloud password
Description: A state management issue existed when restoring from a
back up. This issue was addressed through improved state checking
during restore.
CVE-2018-4172: Viljami VastamA$?ki
iCloud Drive
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4151: Samuel GroA (@5aelo)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept the contents of S/MIME-encrypted e-mail
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4174: an anonymous researcher, an anonymous researcher
NSURLSession
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
PluginKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4156: Samuel GroA (@5aelo)
Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang
Zeng (@Wester) of Tencent Security Platform Department
Safari Login AutoFill
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place. The issue was addressed through
improved autofill heuristics.
CVE-2018-4137:
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: A state management issue was addressed by disabling text
input until the destination page loads.
CVE-2018-4149: Abhinash Jain (@abhinashjain)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
Storage
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4154: Samuel GroA (@5aelo)
System Preferences
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
Telephony
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed when handling
Class 0 SMS messages. This issue was addressed through improved
message validation.
CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV
Web App
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cookies may unexpectedly persist in web app
Description: A cookie management issue was addressed through improved
state management.
CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4118: Jun Kokatsu (@shhnjk)
CVE-2018-4119: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4127: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4128: Zach Markley
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
WindowServer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An unprivileged application may be able to log keystrokes
entered into other applications even when secure input mode is
enabled
Description: By scanning key states, an unprivileged application
could log keystrokes entered into other applications even when secure
input mode was enabled. This issue was addressed by improved state
management.
CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbhLRAA
to9k0U/CI3PfYp2o2lluS7LgE3jvA7+pXvdjbvoh14BFHf9Wv+yhdtyLQEDSne+0
TM8BkiMgEmo+uKKcVFCDeV9GrkWqO7ocBfT65hj4A/vxPAS6xlBTV9mjZXiqvSWs
+Cbb4Nd53o6m2QRORkjNVZ2h0ow53J5RirnyzjWt4LMdCpc4jMG87OCuQheKzjxq
g6gOlwblVrRxH6aMX5if/SetGGxzZeY5sKwe1Xhz6yIYsm1Gw45REt3FJs4KEh5Z
oL+yWVvaGLOPDzC+DBX0dXJmsqLx9wzDJsqQ2J6Mb/nh1Tgh6NDdHkDCAZ7P6CeU
0IpXK7aaPkRy5GUbkAdzdPEFql9e0/jGlqMf/rZlNTItbgtn0+9e2zsJ0UPPRcWi
+7IQygkXnXmYUZ0wrh/Wdye/jAJZpLdsUuWr1RalTdmDASU/tzgpoglf3EyTQoRy
IqFGRSe6+no8Pw1qCLUvZz8C6dTKvE+Jv5oe9XbCEjsvpRmQZK64FiQ0HIaAMHKo
Rl9OY6+evzyqdAtivE4AFCRT7Z15pktFYAVefWkdVFbVU2mCYF+peXIq6tGg4o+g
70E29XaDZBakcVho9bW4e2rDA+m606ILuZ4AyjEEvfRYH+d+WTvDqdIywq0V7grj
qlU787sRw/tVx646jcHVqbYZEgZVmeAvcT8C2c0Zhvo=
=RJi8
-----END PGP SIGNATURE-----
.
Installation note:
Safari 11.1 may be obtained from the Mac App Store
| VAR-201804-1214 | CVE-2018-4101 | plural Apple Used in products Webkit Vulnerability in arbitrary code execution in components |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: August 22, 2018
Bugs: #652820, #658168, #662974
ID: 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"
References
==========
[ 1 ] CVE-2018-11646
https://nvd.nist.gov/vuln/detail/CVE-2018-11646
[ 2 ] CVE-2018-11712
https://nvd.nist.gov/vuln/detail/CVE-2018-11712
[ 3 ] CVE-2018-11713
https://nvd.nist.gov/vuln/detail/CVE-2018-11713
[ 4 ] CVE-2018-12293
https://nvd.nist.gov/vuln/detail/CVE-2018-12293
[ 5 ] CVE-2018-12294
https://nvd.nist.gov/vuln/detail/CVE-2018-12294
[ 6 ] CVE-2018-4101
https://nvd.nist.gov/vuln/detail/CVE-2018-4101
[ 7 ] CVE-2018-4113
https://nvd.nist.gov/vuln/detail/CVE-2018-4113
[ 8 ] CVE-2018-4114
https://nvd.nist.gov/vuln/detail/CVE-2018-4114
[ 9 ] CVE-2018-4117
https://nvd.nist.gov/vuln/detail/CVE-2018-4117
[ 10 ] CVE-2018-4118
https://nvd.nist.gov/vuln/detail/CVE-2018-4118
[ 11 ] CVE-2018-4119
https://nvd.nist.gov/vuln/detail/CVE-2018-4119
[ 12 ] CVE-2018-4120
https://nvd.nist.gov/vuln/detail/CVE-2018-4120
[ 13 ] CVE-2018-4121
https://nvd.nist.gov/vuln/detail/CVE-2018-4121
[ 14 ] CVE-2018-4122
https://nvd.nist.gov/vuln/detail/CVE-2018-4122
[ 15 ] CVE-2018-4125
https://nvd.nist.gov/vuln/detail/CVE-2018-4125
[ 16 ] CVE-2018-4127
https://nvd.nist.gov/vuln/detail/CVE-2018-4127
[ 17 ] CVE-2018-4128
https://nvd.nist.gov/vuln/detail/CVE-2018-4128
[ 18 ] CVE-2018-4129
https://nvd.nist.gov/vuln/detail/CVE-2018-4129
[ 19 ] CVE-2018-4133
https://nvd.nist.gov/vuln/detail/CVE-2018-4133
[ 20 ] CVE-2018-4146
https://nvd.nist.gov/vuln/detail/CVE-2018-4146
[ 21 ] CVE-2018-4162
https://nvd.nist.gov/vuln/detail/CVE-2018-4162
[ 22 ] CVE-2018-4163
https://nvd.nist.gov/vuln/detail/CVE-2018-4163
[ 23 ] CVE-2018-4165
https://nvd.nist.gov/vuln/detail/CVE-2018-4165
[ 24 ] CVE-2018-4190
https://nvd.nist.gov/vuln/detail/CVE-2018-4190
[ 25 ] CVE-2018-4192
https://nvd.nist.gov/vuln/detail/CVE-2018-4192
[ 26 ] CVE-2018-4199
https://nvd.nist.gov/vuln/detail/CVE-2018-4199
[ 27 ] CVE-2018-4200
https://nvd.nist.gov/vuln/detail/CVE-2018-4200
[ 28 ] CVE-2018-4201
https://nvd.nist.gov/vuln/detail/CVE-2018-4201
[ 29 ] CVE-2018-4204
https://nvd.nist.gov/vuln/detail/CVE-2018-4204
[ 30 ] CVE-2018-4214
https://nvd.nist.gov/vuln/detail/CVE-2018-4214
[ 31 ] CVE-2018-4218
https://nvd.nist.gov/vuln/detail/CVE-2018-4218
[ 32 ] CVE-2018-4222
https://nvd.nist.gov/vuln/detail/CVE-2018-4222
[ 33 ] CVE-2018-4232
https://nvd.nist.gov/vuln/detail/CVE-2018-4232
[ 34 ] CVE-2018-4233
https://nvd.nist.gov/vuln/detail/CVE-2018-4233
[ 35 ] CVE-2018-4261
https://nvd.nist.gov/vuln/detail/CVE-2018-4261
[ 36 ] CVE-2018-4262
https://nvd.nist.gov/vuln/detail/CVE-2018-4262
[ 37 ] CVE-2018-4263
https://nvd.nist.gov/vuln/detail/CVE-2018-4263
[ 38 ] CVE-2018-4264
https://nvd.nist.gov/vuln/detail/CVE-2018-4264
[ 39 ] CVE-2018-4265
https://nvd.nist.gov/vuln/detail/CVE-2018-4265
[ 40 ] CVE-2018-4266
https://nvd.nist.gov/vuln/detail/CVE-2018-4266
[ 41 ] CVE-2018-4267
https://nvd.nist.gov/vuln/detail/CVE-2018-4267
[ 42 ] CVE-2018-4270
https://nvd.nist.gov/vuln/detail/CVE-2018-4270
[ 43 ] CVE-2018-4272
https://nvd.nist.gov/vuln/detail/CVE-2018-4272
[ 44 ] CVE-2018-4273
https://nvd.nist.gov/vuln/detail/CVE-2018-4273
[ 45 ] CVE-2018-4278
https://nvd.nist.gov/vuln/detail/CVE-2018-4278
[ 46 ] CVE-2018-4284
https://nvd.nist.gov/vuln/detail/CVE-2018-4284
[ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003
https://webkitgtk.org/security/WSA-2018-0003.html
[ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004
https://webkitgtk.org/security/WSA-2018-0004.html
[ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005
https://webkitgtk.org/security/WSA-2018-0005.html
[ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006
https://webkitgtk.org/security/WSA-2018-0006.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201808-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-1 iOS 11.3
iOS 11.3 is now available and addresses the following:
Clock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
see the email address used for iTunes
Description: An information disclosure issue existed in the handling
of alarms and timers. This issue was addressed through improved
access restrictions.
CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Files Widget
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: File Widget may display contents on a locked device
Description: The File Widget was displaying cached data when in the
locked state. This issue was addressed with improved state
management.
CVE-2018-4168: Brandon Moore
Find My iPhone
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to the device may be able to
disable Find My iPhone without entering an iCloud password
Description: A state management issue existed when restoring from a
back up. This issue was addressed through improved state checking
during restore.
CVE-2018-4172: Viljami VastamA$?ki
iCloud Drive
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4151: Samuel GroA (@5aelo)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept the contents of S/MIME-encrypted e-mail
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4174: an anonymous researcher, an anonymous researcher
NSURLSession
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
PluginKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4156: Samuel GroA (@5aelo)
Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang
Zeng (@Wester) of Tencent Security Platform Department
Safari Login AutoFill
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place. The issue was addressed through
improved autofill heuristics.
CVE-2018-4137:
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: A state management issue was addressed by disabling text
input until the destination page loads.
CVE-2018-4149: Abhinash Jain (@abhinashjain)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
Storage
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4154: Samuel GroA (@5aelo)
System Preferences
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
Telephony
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed when handling
Class 0 SMS messages. This issue was addressed through improved
message validation.
CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV
Web App
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cookies may unexpectedly persist in web app
Description: A cookie management issue was addressed through improved
state management.
CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4118: Jun Kokatsu (@shhnjk)
CVE-2018-4119: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4127: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4128: Zach Markley
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
WindowServer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An unprivileged application may be able to log keystrokes
entered into other applications even when secure input mode is
enabled
Description: By scanning key states, an unprivileged application
could log keystrokes entered into other applications even when secure
input mode was enabled. This issue was addressed by improved state
management.
CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbhLRAA
to9k0U/CI3PfYp2o2lluS7LgE3jvA7+pXvdjbvoh14BFHf9Wv+yhdtyLQEDSne+0
TM8BkiMgEmo+uKKcVFCDeV9GrkWqO7ocBfT65hj4A/vxPAS6xlBTV9mjZXiqvSWs
+Cbb4Nd53o6m2QRORkjNVZ2h0ow53J5RirnyzjWt4LMdCpc4jMG87OCuQheKzjxq
g6gOlwblVrRxH6aMX5if/SetGGxzZeY5sKwe1Xhz6yIYsm1Gw45REt3FJs4KEh5Z
oL+yWVvaGLOPDzC+DBX0dXJmsqLx9wzDJsqQ2J6Mb/nh1Tgh6NDdHkDCAZ7P6CeU
0IpXK7aaPkRy5GUbkAdzdPEFql9e0/jGlqMf/rZlNTItbgtn0+9e2zsJ0UPPRcWi
+7IQygkXnXmYUZ0wrh/Wdye/jAJZpLdsUuWr1RalTdmDASU/tzgpoglf3EyTQoRy
IqFGRSe6+no8Pw1qCLUvZz8C6dTKvE+Jv5oe9XbCEjsvpRmQZK64FiQ0HIaAMHKo
Rl9OY6+evzyqdAtivE4AFCRT7Z15pktFYAVefWkdVFbVU2mCYF+peXIq6tGg4o+g
70E29XaDZBakcVho9bW4e2rDA+m606ILuZ4AyjEEvfRYH+d+WTvDqdIywq0V7grj
qlU787sRw/tVx646jcHVqbYZEgZVmeAvcT8C2c0Zhvo=
=RJi8
-----END PGP SIGNATURE-----
. ==========================================================================
Ubuntu Security Notice USN-3635-1
April 30, 2018
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3635-1
CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117,
CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122,
CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162,
CVE-2018-4163, CVE-2018-4165
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1
.
Installation note:
Safari 11.1 may be obtained from the Mac App Store
| VAR-201804-1175 | CVE-2018-4115 | plural Apple Vulnerability that bypasses access restrictions in product system configuration components |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence. plural Apple There is a vulnerability in the system configuration component of the product that prevents access restrictions.An attacker could circumvent access restrictions by using an inappropriate configuration profile. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The following products and products are affected: Apple iOS prior to 11.3; macOS High Sierra prior to 10.13.4; tvOS prior to 11.3; watchOS prior to 4.3.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-1 iOS 11.3
iOS 11.3 is now available and addresses the following:
Clock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
see the email address used for iTunes
Description: An information disclosure issue existed in the handling
of alarms and timers. This issue was addressed through improved
access restrictions.
CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Files Widget
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: File Widget may display contents on a locked device
Description: The File Widget was displaying cached data when in the
locked state. This issue was addressed with improved state
management.
CVE-2018-4168: Brandon Moore
Find My iPhone
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to the device may be able to
disable Find My iPhone without entering an iCloud password
Description: A state management issue existed when restoring from a
back up. This issue was addressed through improved state checking
during restore.
CVE-2018-4172: Viljami VastamA$?ki
iCloud Drive
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4151: Samuel GroA (@5aelo)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept the contents of S/MIME-encrypted e-mail
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4174: an anonymous researcher, an anonymous researcher
NSURLSession
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
PluginKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4156: Samuel GroA (@5aelo)
Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang
Zeng (@Wester) of Tencent Security Platform Department
Safari Login AutoFill
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place. The issue was addressed through
improved autofill heuristics.
CVE-2018-4137:
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: A state management issue was addressed by disabling text
input until the destination page loads.
CVE-2018-4149: Abhinash Jain (@abhinashjain)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
Storage
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4154: Samuel GroA (@5aelo)
System Preferences
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
Telephony
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed when handling
Class 0 SMS messages. This issue was addressed through improved
message validation.
CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV
Web App
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cookies may unexpectedly persist in web app
Description: A cookie management issue was addressed through improved
state management.
CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4118: Jun Kokatsu (@shhnjk)
CVE-2018-4119: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4127: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4128: Zach Markley
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
WindowServer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An unprivileged application may be able to log keystrokes
entered into other applications even when secure input mode is
enabled
Description: By scanning key states, an unprivileged application
could log keystrokes entered into other applications even when secure
input mode was enabled. This issue was addressed by improved state
management.
CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbhLRAA
to9k0U/CI3PfYp2o2lluS7LgE3jvA7+pXvdjbvoh14BFHf9Wv+yhdtyLQEDSne+0
TM8BkiMgEmo+uKKcVFCDeV9GrkWqO7ocBfT65hj4A/vxPAS6xlBTV9mjZXiqvSWs
+Cbb4Nd53o6m2QRORkjNVZ2h0ow53J5RirnyzjWt4LMdCpc4jMG87OCuQheKzjxq
g6gOlwblVrRxH6aMX5if/SetGGxzZeY5sKwe1Xhz6yIYsm1Gw45REt3FJs4KEh5Z
oL+yWVvaGLOPDzC+DBX0dXJmsqLx9wzDJsqQ2J6Mb/nh1Tgh6NDdHkDCAZ7P6CeU
0IpXK7aaPkRy5GUbkAdzdPEFql9e0/jGlqMf/rZlNTItbgtn0+9e2zsJ0UPPRcWi
+7IQygkXnXmYUZ0wrh/Wdye/jAJZpLdsUuWr1RalTdmDASU/tzgpoglf3EyTQoRy
IqFGRSe6+no8Pw1qCLUvZz8C6dTKvE+Jv5oe9XbCEjsvpRmQZK64FiQ0HIaAMHKo
Rl9OY6+evzyqdAtivE4AFCRT7Z15pktFYAVefWkdVFbVU2mCYF+peXIq6tGg4o+g
70E29XaDZBakcVho9bW4e2rDA+m606ILuZ4AyjEEvfRYH+d+WTvDqdIywq0V7grj
qlU787sRw/tVx646jcHVqbYZEgZVmeAvcT8C2c0Zhvo=
=RJi8
-----END PGP SIGNATURE-----
| VAR-201804-1152 | CVE-2018-4150 | plural Apple Vulnerability in the kernel component of a product that allows arbitrary code execution in privileged contexts |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.3; macOS High Sierra prior to 10.13.4; tvOS prior to 11.3; watchOS prior to 4.3.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-1 iOS 11.3
iOS 11.3 is now available and addresses the following:
Clock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
see the email address used for iTunes
Description: An information disclosure issue existed in the handling
of alarms and timers. This issue was addressed through improved
access restrictions.
CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Files Widget
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: File Widget may display contents on a locked device
Description: The File Widget was displaying cached data when in the
locked state. This issue was addressed with improved state
management.
CVE-2018-4168: Brandon Moore
Find My iPhone
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to the device may be able to
disable Find My iPhone without entering an iCloud password
Description: A state management issue existed when restoring from a
back up. This issue was addressed through improved state checking
during restore.
CVE-2018-4172: Viljami VastamA$?ki
iCloud Drive
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4151: Samuel GroA (@5aelo)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept the contents of S/MIME-encrypted e-mail
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4174: an anonymous researcher, an anonymous researcher
NSURLSession
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
PluginKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4156: Samuel GroA (@5aelo)
Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang
Zeng (@Wester) of Tencent Security Platform Department
Safari Login AutoFill
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place. The issue was addressed through
improved autofill heuristics.
CVE-2018-4137:
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: A state management issue was addressed by disabling text
input until the destination page loads.
CVE-2018-4149: Abhinash Jain (@abhinashjain)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
Storage
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4154: Samuel GroA (@5aelo)
System Preferences
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
Telephony
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed when handling
Class 0 SMS messages. This issue was addressed through improved
message validation.
CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV
Web App
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cookies may unexpectedly persist in web app
Description: A cookie management issue was addressed through improved
state management.
CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4118: Jun Kokatsu (@shhnjk)
CVE-2018-4119: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4127: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4128: Zach Markley
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
WindowServer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An unprivileged application may be able to log keystrokes
entered into other applications even when secure input mode is
enabled
Description: By scanning key states, an unprivileged application
could log keystrokes entered into other applications even when secure
input mode was enabled. This issue was addressed by improved state
management.
CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbhLRAA
to9k0U/CI3PfYp2o2lluS7LgE3jvA7+pXvdjbvoh14BFHf9Wv+yhdtyLQEDSne+0
TM8BkiMgEmo+uKKcVFCDeV9GrkWqO7ocBfT65hj4A/vxPAS6xlBTV9mjZXiqvSWs
+Cbb4Nd53o6m2QRORkjNVZ2h0ow53J5RirnyzjWt4LMdCpc4jMG87OCuQheKzjxq
g6gOlwblVrRxH6aMX5if/SetGGxzZeY5sKwe1Xhz6yIYsm1Gw45REt3FJs4KEh5Z
oL+yWVvaGLOPDzC+DBX0dXJmsqLx9wzDJsqQ2J6Mb/nh1Tgh6NDdHkDCAZ7P6CeU
0IpXK7aaPkRy5GUbkAdzdPEFql9e0/jGlqMf/rZlNTItbgtn0+9e2zsJ0UPPRcWi
+7IQygkXnXmYUZ0wrh/Wdye/jAJZpLdsUuWr1RalTdmDASU/tzgpoglf3EyTQoRy
IqFGRSe6+no8Pw1qCLUvZz8C6dTKvE+Jv5oe9XbCEjsvpRmQZK64FiQ0HIaAMHKo
Rl9OY6+evzyqdAtivE4AFCRT7Z15pktFYAVefWkdVFbVU2mCYF+peXIq6tGg4o+g
70E29XaDZBakcVho9bW4e2rDA+m606ILuZ4AyjEEvfRYH+d+WTvDqdIywq0V7grj
qlU787sRw/tVx646jcHVqbYZEgZVmeAvcT8C2c0Zhvo=
=RJi8
-----END PGP SIGNATURE-----