VARIoT IoT vulnerabilities database

Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools. Wago 750 series PLC Vulnerabilities exist in the firmware of improper shutdown and release of resources.Service operation interruption (DoS) There is a possibility of being put into a state. 750-880, 750-881, 750-852, etc. are all WAGO750 series Ethernet switches. The WAGO750 series has a denial of service vulnerability that can be exploited to cause a denial of service state to communicate with debug and service tools. Multiple WAGO Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service condition. WAGO 750 Series PLCs, etc. are editable logic controller products of Germany WAGO Company. There is a security vulnerability in WAGO 750 Series PLCs using firmware version 10 and earlier. The vulnerability is caused by the program not implementing the three-way handshake correctly

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. Android for GraceNote GNSDK Contains a range error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GraceNote GNSDK SDK for Android is a software development kit for building music applications based on the Android platform. It can identify CDs, digital music files, and streaming audio. There are security vulnerabilities in GraceNote GNSDK SDK based on Android platform before version 1.1.7

S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure. HuaweiS12700 is an enterprise-class switch product from China's Huawei company. The Huawei S7700 and S9700 are Huawei's intelligent routing switches. A security vulnerability exists in the Huawei S12700, S7700, and S9700. The following products are affected: Huawei S12700 V200R005C00 Version, V200R006C00 Version, V200R006C01 Version, V200R007C00 Version, V200R007C01 Version, V200R007C20 Version, V200R008C00 Version, V200R008C06 Version, V200R009C00 Version, V200R010C00 Version; S7700 V200R001C00 Version, V200R001C01 Version, V200R002C00 Version, V200R003C00 Version, V200R005C00 Version, V200R006C00 Version, V200R006C01 Version, V200R007C00 Version, V200R007C01 Version, V200R008C00 Version, V200R008C06 version version, V200R009C00 Version, V200R010C00 Version; S9700 V200R001C00 Version, V200R001C01 Version, V200R002C00 Version, V200R003C00 Version, V200R005C00 Version, V200R006C00, V200R006C01, V200R007C00 Version , version V200R007C01, version V200R008C00, version V200R009C00, version V200R010C00

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it. TIM 1531 IRC Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens TIM 1531 IRC is a communication module from Siemens AG in Germany for processing data transmissions using the Siemens remote control protocol SINAUT ST7. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. WZR-1750DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. * Missing Authentication for Critical Function (CWE-306) - CVE-2018-0554 * Buffer Overflow (CWE-119) - CVE-2018-0555 * OS Command Injection (CWE-78) - CVE-2018-0556 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0554 * If a user views a specially crafted file while logged into the affected device, arbitrary code may be executed - CVE-2018-0555 * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0556. The Buffalo WZR-1750DHP2 is a router product of the Buffalo Group in Japan. A security hole exists in BuffaloWZR-1750DHP22.30 and earlier

Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file. WZR-1750DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. * Missing Authentication for Critical Function (CWE-306) - CVE-2018-0554 * Buffer Overflow (CWE-119) - CVE-2018-0555 * OS Command Injection (CWE-78) - CVE-2018-0556 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0554 * If a user views a specially crafted file while logged into the affected device, arbitrary code may be executed - CVE-2018-0555 * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0556. The Buffalo WZR-1750DHP2 is a router product of the Buffalo Group in Japan. A buffer overflow vulnerability exists in BuffaloWZR-1750DHP22.30 and earlier

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. WZR-1750DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. * Missing Authentication for Critical Function (CWE-306) - CVE-2018-0554 * Buffer Overflow (CWE-119) - CVE-2018-0555 * OS Command Injection (CWE-78) - CVE-2018-0556 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0554 * If a user views a specially crafted file while logged into the affected device, arbitrary code may be executed - CVE-2018-0555 * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0556. The Buffalo WZR-1750DHP2 is a router product of the Buffalo Group in Japan. A security hole exists in BuffaloWZR-1750DHP22.30 and earlier

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling. Apple macOS of ATS Components contain vulnerabilities that can capture important information.An attacker could obtain important information by using improper handling of symbolic links. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. An attacker could exploit this vulnerability through a maliciously crafted file to obtain user information

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Management" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the "Terminal" component. It allows user-assisted attackers to inject arbitrary commands within pasted content. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. Terminal is one of the terminal components

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "PDFKit" component. It allows remote attackers to bypass intended restrictions on visiting URLs within a PDF document. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. PDFKit is one of the PDF document generation components

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. APFS is one of the Apple device-specific file system components

An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. Apple Safari is prone to is prone to multiple security vulnerabilities. These issues may allow a remote attacker to carry out phishing-style attacks. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-3-29-6 Safari 11.1 Safari 11.1 is now available and addresses the following: Safari Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4102: Kai Zhao of 3H security team CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab (tencent.com) Safari Login AutoFill Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction. Description: Safari autofill did not require explicit user interaction before taking place. The issue was addressed through improved autofill heuristics. CVE-2018-4137: WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab CVE-2018-4114: found by OSS-Fuzz CVE-2018-4118: Jun Kokatsu (@shhnjk) CVE-2018-4119: an anonymous researcher working with Trend Micro's Zero Day Initiative CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team CVE-2018-4121: Natalie Silvanovich of Google Project Zero CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4127: an anonymous researcher working with Trend Micro's Zero Day Initiative CVE-2018-4128: Zach Markley CVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Unexpected interaction with indexing types causing an ASSERT failure Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks. CVE-2018-4113: found by OSS-Fuzz WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. CVE-2018-4133: Anton Lopanitsyn of Wallarm, Linus SA$?rud of Detectify (detectify.com), Yuji Tounai of NTT Communications Corporation WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to a denial of service Description: A memory corruption issue was addressed through improved input validation. CVE-2018-4146: found by OSS-Fuzz WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may exfiltrate data cross-origin Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation. CVE-2018-4117: an anonymous researcher, an anonymous researcher Additional recognition WebKit We would like to acknowledge Johnny Nipper of Tinder Security Team for their assistance. Installation note: Safari 11.1 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9Gl8pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEYFUQ// QO1Al/D5ErPzNtbiQEnmPD4O5JMl/mz+ztGEkncEBWZiq9/4X0B1WLr+Ve/hF4l2 mkDPU2EEcPTg/pDvyeYnh4xKCcCScgUHpwdqAmtECG4C59IH+uL1PCbi2UDVZ6Jg W/xpP3DFykn1e2/R5ZE1iObZc+jLz5Rta3k0/Z0v5YhXY7x+vtMhSMh3HTPhy28T eoHRY0W9iWZUCkuKV0ugCGGsnrx5awbz4rHBdGCewEWeUrk5+h6Mwo6sJTAoO+0E nVKdRu0hvU1RzZSn3eiLSvo5qVNNT6bK7hf1P3eMUdJ7e5/unIIE6WXo8ox5iyRB sdNqI8K/HuBzcpKggXFAjVce+CDc5LVd2Kf1g/ymqejHqGp3VEhGY8FwJRTFBenm svzGQLGAFpg2bl3oKt9RCfQG/NGWjg2HTgp4eHDqEeqkQNENxjDAMYYm3Z7O2ODI JzaHXunbltbUNzgzfUzfGX/xtDmnNczijYd1vpIc9C1l0nv620HW3aOqv1vP2bxT JQFWwoZiJ7plmgRXLzBR2lvcyEfNWOE466yF+QIo5iBWOeGrBZqb5dYkqEskrDFk 4ju2DsG61j+aK5flU5C7Z6JZLGVBEOm+2OuUu+O4+aboHV0mEDcitl7RUFUWfW2d p5479DG4FgkWaZZH9I7eC2xMrPDspLU7Jscg6UCpeyQ= =D/co -----END PGP SIGNATURE-----

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Failed exploits will result in denial-of-service condition. Versions prior to Apple iOS 11.3 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-3-29-1 iOS 11.3 iOS 11.3 is now available and addresses the following: Clock Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: An information disclosure issue existed in the handling of alarms and timers. This issue was addressed through improved access restrictions. CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer) CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4155: Samuel GroA (@5aelo) CVE-2018-4158: Samuel GroA (@5aelo) CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to a denial of service Description: A denial of service issue was addressed through improved memory handling. CVE-2018-4142: Robin Leroy of Google Switzerland GmbH File System Events Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4167: Samuel GroA (@5aelo) Files Widget Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: File Widget may display contents on a locked device Description: The File Widget was displaying cached data when in the locked state. This issue was addressed with improved state management. CVE-2018-4168: Brandon Moore Find My iPhone Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed when restoring from a back up. This issue was addressed through improved state checking during restore. CVE-2018-4172: Viljami VastamA$?ki iCloud Drive Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4151: Samuel GroA (@5aelo) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4150: an anonymous researcher Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4104: The UK's National Cyber Security Centre (NCSC) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4143: derrek (@derrekr6) Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4174: an anonymous researcher, an anonymous researcher NSURLSession Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4166: Samuel GroA (@5aelo) PluginKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4156: Samuel GroA (@5aelo) Quick Look Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4157: Samuel GroA (@5aelo) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang Zeng (@Wester) of Tencent Security Platform Department Safari Login AutoFill Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction. Description: Safari autofill did not require explicit user interaction before taking place. The issue was addressed through improved autofill heuristics. CVE-2018-4137: SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to user interface spoofing Description: A state management issue was addressed by disabling text input until the destination page loads. CVE-2018-4149: Abhinash Jain (@abhinashjain) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4144: Abraham Masri (@cheesecakeufo) Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4154: Samuel GroA (@5aelo) System Preferences Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A configuration profile may incorrectly remain in effect after removal Description: An issue existed in CFPreferences. This issue was addressed through improved preferences cleanup. CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera Telephony Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker can cause a device to unexpectedly restart Description: A null pointer dereference issue existed when handling Class 0 SMS messages. This issue was addressed through improved message validation. CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV Web App Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cookies may unexpectedly persist in web app Description: A cookie management issue was addressed through improved state management. CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab CVE-2018-4114: found by OSS-Fuzz CVE-2018-4118: Jun Kokatsu (@shhnjk) CVE-2018-4119: an anonymous researcher working with Trend Micro's Zero Day Initiative CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team CVE-2018-4121: Natalie Silvanovich of Google Project Zero CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4127: an anonymous researcher working with Trend Micro's Zero Day Initiative CVE-2018-4128: Zach Markley CVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction with indexing types causing an ASSERT failure Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks. CVE-2018-4113: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to a denial of service Description: A memory corruption issue was addressed through improved input validation. CVE-2018-4146: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may exfiltrate data cross-origin Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation. CVE-2018-4117: an anonymous researcher, an anonymous researcher WindowServer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled Description: By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management. CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH Additional recognition WebKit We would like to acknowledge Johnny Nipper of Tinder Security Team for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "11.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbhLRAA to9k0U/CI3PfYp2o2lluS7LgE3jvA7+pXvdjbvoh14BFHf9Wv+yhdtyLQEDSne+0 TM8BkiMgEmo+uKKcVFCDeV9GrkWqO7ocBfT65hj4A/vxPAS6xlBTV9mjZXiqvSWs +Cbb4Nd53o6m2QRORkjNVZ2h0ow53J5RirnyzjWt4LMdCpc4jMG87OCuQheKzjxq g6gOlwblVrRxH6aMX5if/SetGGxzZeY5sKwe1Xhz6yIYsm1Gw45REt3FJs4KEh5Z oL+yWVvaGLOPDzC+DBX0dXJmsqLx9wzDJsqQ2J6Mb/nh1Tgh6NDdHkDCAZ7P6CeU 0IpXK7aaPkRy5GUbkAdzdPEFql9e0/jGlqMf/rZlNTItbgtn0+9e2zsJ0UPPRcWi +7IQygkXnXmYUZ0wrh/Wdye/jAJZpLdsUuWr1RalTdmDASU/tzgpoglf3EyTQoRy IqFGRSe6+no8Pw1qCLUvZz8C6dTKvE+Jv5oe9XbCEjsvpRmQZK64FiQ0HIaAMHKo Rl9OY6+evzyqdAtivE4AFCRT7Z15pktFYAVefWkdVFbVU2mCYF+peXIq6tGg4o+g 70E29XaDZBakcVho9bW4e2rDA+m606ILuZ4AyjEEvfRYH+d+WTvDqdIywq0V7grj qlU787sRw/tVx646jcHVqbYZEgZVmeAvcT8C2c0Zhvo= =RJi8 -----END PGP SIGNATURE-----

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. kext tools is one of the GUI tools for installing drivers

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Apple macOS of NVIDIA A vulnerability exists in the graphics driver component that could bypass memory read restrictions.An attacker could bypass memory read restrictions through a crafted application. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Failed exploits will result in denial-of-service condition. Versions prior to Apple iOS 11.3 are vulnerable. APNs is one of the push notification service components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-3-29-1 iOS 11.3 iOS 11.3 is now available and addresses the following: Clock Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: An information disclosure issue existed in the handling of alarms and timers. This issue was addressed through improved access restrictions. CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer) CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4155: Samuel GroA (@5aelo) CVE-2018-4158: Samuel GroA (@5aelo) CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to a denial of service Description: A denial of service issue was addressed through improved memory handling. CVE-2018-4142: Robin Leroy of Google Switzerland GmbH File System Events Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4167: Samuel GroA (@5aelo) Files Widget Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: File Widget may display contents on a locked device Description: The File Widget was displaying cached data when in the locked state. This issue was addressed with improved state management. CVE-2018-4168: Brandon Moore Find My iPhone Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed when restoring from a back up. This issue was addressed through improved state checking during restore. CVE-2018-4172: Viljami VastamA$?ki iCloud Drive Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4151: Samuel GroA (@5aelo) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4150: an anonymous researcher Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4104: The UK's National Cyber Security Centre (NCSC) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4143: derrek (@derrekr6) Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4174: an anonymous researcher, an anonymous researcher NSURLSession Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4166: Samuel GroA (@5aelo) PluginKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4156: Samuel GroA (@5aelo) Quick Look Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4157: Samuel GroA (@5aelo) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang Zeng (@Wester) of Tencent Security Platform Department Safari Login AutoFill Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction. Description: Safari autofill did not require explicit user interaction before taking place. The issue was addressed through improved autofill heuristics. CVE-2018-4137: SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to user interface spoofing Description: A state management issue was addressed by disabling text input until the destination page loads. CVE-2018-4149: Abhinash Jain (@abhinashjain) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4144: Abraham Masri (@cheesecakeufo) Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4154: Samuel GroA (@5aelo) System Preferences Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A configuration profile may incorrectly remain in effect after removal Description: An issue existed in CFPreferences. This issue was addressed through improved preferences cleanup. CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera Telephony Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker can cause a device to unexpectedly restart Description: A null pointer dereference issue existed when handling Class 0 SMS messages. This issue was addressed through improved message validation. CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV Web App Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cookies may unexpectedly persist in web app Description: A cookie management issue was addressed through improved state management. CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab CVE-2018-4114: found by OSS-Fuzz CVE-2018-4118: Jun Kokatsu (@shhnjk) CVE-2018-4119: an anonymous researcher working with Trend Micro's Zero Day Initiative CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team CVE-2018-4121: Natalie Silvanovich of Google Project Zero CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4127: an anonymous researcher working with Trend Micro's Zero Day Initiative CVE-2018-4128: Zach Markley CVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction with indexing types causing an ASSERT failure Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks. CVE-2018-4113: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to a denial of service Description: A memory corruption issue was addressed through improved input validation. CVE-2018-4146: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may exfiltrate data cross-origin Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation. CVE-2018-4117: an anonymous researcher, an anonymous researcher WindowServer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled Description: By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management. CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH Additional recognition WebKit We would like to acknowledge Johnny Nipper of Tinder Security Team for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "11.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbhLRAA to9k0U/CI3PfYp2o2lluS7LgE3jvA7+pXvdjbvoh14BFHf9Wv+yhdtyLQEDSne+0 TM8BkiMgEmo+uKKcVFCDeV9GrkWqO7ocBfT65hj4A/vxPAS6xlBTV9mjZXiqvSWs +Cbb4Nd53o6m2QRORkjNVZ2h0ow53J5RirnyzjWt4LMdCpc4jMG87OCuQheKzjxq g6gOlwblVrRxH6aMX5if/SetGGxzZeY5sKwe1Xhz6yIYsm1Gw45REt3FJs4KEh5Z oL+yWVvaGLOPDzC+DBX0dXJmsqLx9wzDJsqQ2J6Mb/nh1Tgh6NDdHkDCAZ7P6CeU 0IpXK7aaPkRy5GUbkAdzdPEFql9e0/jGlqMf/rZlNTItbgtn0+9e2zsJ0UPPRcWi +7IQygkXnXmYUZ0wrh/Wdye/jAJZpLdsUuWr1RalTdmDASU/tzgpoglf3EyTQoRy IqFGRSe6+no8Pw1qCLUvZz8C6dTKvE+Jv5oe9XbCEjsvpRmQZK64FiQ0HIaAMHKo Rl9OY6+evzyqdAtivE4AFCRT7Z15pktFYAVefWkdVFbVU2mCYF+peXIq6tGg4o+g 70E29XaDZBakcVho9bW4e2rDA+m606ILuZ4AyjEEvfRYH+d+WTvDqdIywq0V7grj qlU787sRw/tVx646jcHVqbYZEgZVmeAvcT8C2c0Zhvo= =RJi8 -----END PGP SIGNATURE-----

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. IOFireWireFamily is one of the FireWire interface drivers