VARIoT IoT vulnerabilities database
| VAR-201804-1193 | CVE-2018-4134 | Apple iOS of Safari Vulnerability in component impersonation of user interface |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the user interface via a crafted web site. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Failed exploits will result in denial-of-service condition.
Versions prior to Apple iOS 11.3 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-1 iOS 11.3
iOS 11.3 is now available and addresses the following:
Clock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
see the email address used for iTunes
Description: An information disclosure issue existed in the handling
of alarms and timers. This issue was addressed through improved
access restrictions.
CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Files Widget
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: File Widget may display contents on a locked device
Description: The File Widget was displaying cached data when in the
locked state. This issue was addressed with improved state
management.
CVE-2018-4168: Brandon Moore
Find My iPhone
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to the device may be able to
disable Find My iPhone without entering an iCloud password
Description: A state management issue existed when restoring from a
back up. This issue was addressed through improved state checking
during restore.
CVE-2018-4172: Viljami VastamA$?ki
iCloud Drive
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4151: Samuel GroA (@5aelo)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept the contents of S/MIME-encrypted e-mail
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4174: an anonymous researcher, an anonymous researcher
NSURLSession
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
PluginKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4156: Samuel GroA (@5aelo)
Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang
Zeng (@Wester) of Tencent Security Platform Department
Safari Login AutoFill
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place. The issue was addressed through
improved autofill heuristics.
CVE-2018-4137:
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: A state management issue was addressed by disabling text
input until the destination page loads.
CVE-2018-4149: Abhinash Jain (@abhinashjain)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
Storage
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4154: Samuel GroA (@5aelo)
System Preferences
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
Telephony
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed when handling
Class 0 SMS messages. This issue was addressed through improved
message validation.
CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV
Web App
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cookies may unexpectedly persist in web app
Description: A cookie management issue was addressed through improved
state management.
CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4118: Jun Kokatsu (@shhnjk)
CVE-2018-4119: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4127: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4128: Zach Markley
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
WindowServer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An unprivileged application may be able to log keystrokes
entered into other applications even when secure input mode is
enabled
Description: By scanning key states, an unprivileged application
could log keystrokes entered into other applications even when secure
input mode was enabled. This issue was addressed by improved state
management.
CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbhLRAA
to9k0U/CI3PfYp2o2lluS7LgE3jvA7+pXvdjbvoh14BFHf9Wv+yhdtyLQEDSne+0
TM8BkiMgEmo+uKKcVFCDeV9GrkWqO7ocBfT65hj4A/vxPAS6xlBTV9mjZXiqvSWs
+Cbb4Nd53o6m2QRORkjNVZ2h0ow53J5RirnyzjWt4LMdCpc4jMG87OCuQheKzjxq
g6gOlwblVrRxH6aMX5if/SetGGxzZeY5sKwe1Xhz6yIYsm1Gw45REt3FJs4KEh5Z
oL+yWVvaGLOPDzC+DBX0dXJmsqLx9wzDJsqQ2J6Mb/nh1Tgh6NDdHkDCAZ7P6CeU
0IpXK7aaPkRy5GUbkAdzdPEFql9e0/jGlqMf/rZlNTItbgtn0+9e2zsJ0UPPRcWi
+7IQygkXnXmYUZ0wrh/Wdye/jAJZpLdsUuWr1RalTdmDASU/tzgpoglf3EyTQoRy
IqFGRSe6+no8Pw1qCLUvZz8C6dTKvE+Jv5oe9XbCEjsvpRmQZK64FiQ0HIaAMHKo
Rl9OY6+evzyqdAtivE4AFCRT7Z15pktFYAVefWkdVFbVU2mCYF+peXIq6tGg4o+g
70E29XaDZBakcVho9bW4e2rDA+m606ILuZ4AyjEEvfRYH+d+WTvDqdIywq0V7grj
qlU787sRw/tVx646jcHVqbYZEgZVmeAvcT8C2c0Zhvo=
=RJi8
-----END PGP SIGNATURE-----
| VAR-201804-1191 | CVE-2018-4132 | Apple macOS of Intel Graphics Driver Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers
| VAR-201804-1190 | CVE-2018-4131 | Apple iOS and macOS of WindowServer Vulnerabilities that prevent the security input mode protection mechanism in components |
CVSS V2: 4.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states. Apple iOS and macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to perform unauthorized actions, and gain elevated privileges. Failed exploit attempts will likely cause a denial-of-service condition. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers. WindowServer is one of the Window service components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-1 iOS 11.3
iOS 11.3 is now available and addresses the following:
Clock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
see the email address used for iTunes
Description: An information disclosure issue existed in the handling
of alarms and timers. This issue was addressed through improved
access restrictions.
CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Files Widget
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: File Widget may display contents on a locked device
Description: The File Widget was displaying cached data when in the
locked state. This issue was addressed with improved state
management.
CVE-2018-4168: Brandon Moore
Find My iPhone
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to the device may be able to
disable Find My iPhone without entering an iCloud password
Description: A state management issue existed when restoring from a
back up. This issue was addressed through improved state checking
during restore.
CVE-2018-4172: Viljami VastamA$?ki
iCloud Drive
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4151: Samuel GroA (@5aelo)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept the contents of S/MIME-encrypted e-mail
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4174: an anonymous researcher, an anonymous researcher
NSURLSession
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
PluginKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4156: Samuel GroA (@5aelo)
Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang
Zeng (@Wester) of Tencent Security Platform Department
Safari Login AutoFill
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place. The issue was addressed through
improved autofill heuristics.
CVE-2018-4137:
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: A state management issue was addressed by disabling text
input until the destination page loads.
CVE-2018-4149: Abhinash Jain (@abhinashjain)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
Storage
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4154: Samuel GroA (@5aelo)
System Preferences
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
Telephony
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed when handling
Class 0 SMS messages. This issue was addressed through improved
message validation.
CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV
Web App
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cookies may unexpectedly persist in web app
Description: A cookie management issue was addressed through improved
state management.
CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4118: Jun Kokatsu (@shhnjk)
CVE-2018-4119: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4127: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4128: Zach Markley
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation. This issue was addressed by improved state
management.
CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbhLRAA
to9k0U/CI3PfYp2o2lluS7LgE3jvA7+pXvdjbvoh14BFHf9Wv+yhdtyLQEDSne+0
TM8BkiMgEmo+uKKcVFCDeV9GrkWqO7ocBfT65hj4A/vxPAS6xlBTV9mjZXiqvSWs
+Cbb4Nd53o6m2QRORkjNVZ2h0ow53J5RirnyzjWt4LMdCpc4jMG87OCuQheKzjxq
g6gOlwblVrRxH6aMX5if/SetGGxzZeY5sKwe1Xhz6yIYsm1Gw45REt3FJs4KEh5Z
oL+yWVvaGLOPDzC+DBX0dXJmsqLx9wzDJsqQ2J6Mb/nh1Tgh6NDdHkDCAZ7P6CeU
0IpXK7aaPkRy5GUbkAdzdPEFql9e0/jGlqMf/rZlNTItbgtn0+9e2zsJ0UPPRcWi
+7IQygkXnXmYUZ0wrh/Wdye/jAJZpLdsUuWr1RalTdmDASU/tzgpoglf3EyTQoRy
IqFGRSe6+no8Pw1qCLUvZz8C6dTKvE+Jv5oe9XbCEjsvpRmQZK64FiQ0HIaAMHKo
Rl9OY6+evzyqdAtivE4AFCRT7Z15pktFYAVefWkdVFbVU2mCYF+peXIq6tGg4o+g
70E29XaDZBakcVho9bW4e2rDA+m606ILuZ4AyjEEvfRYH+d+WTvDqdIywq0V7grj
qlU787sRw/tVx646jcHVqbYZEgZVmeAvcT8C2c0Zhvo=
=RJi8
-----END PGP SIGNATURE-----
| VAR-201804-1183 | CVE-2018-4123 | Apple iOS In alarm and timer processing of clock components iTunes Vulnerabilities in obtaining email addresses |
CVSS V2: 2.1 CVSS V3: 2.4 Severity: LOW |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves alarm and timer handling in the "Clock" component. It allows physically proximate attackers to discover the iTunes e-mail address. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Failed exploits will result in denial-of-service condition.
Versions prior to Apple iOS 11.3 are vulnerable. Clock is one of the clock components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-1 iOS 11.3
iOS 11.3 is now available and addresses the following:
Clock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
see the email address used for iTunes
Description: An information disclosure issue existed in the handling
of alarms and timers. This issue was addressed through improved
access restrictions.
CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Files Widget
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: File Widget may display contents on a locked device
Description: The File Widget was displaying cached data when in the
locked state. This issue was addressed with improved state
management.
CVE-2018-4168: Brandon Moore
Find My iPhone
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to the device may be able to
disable Find My iPhone without entering an iCloud password
Description: A state management issue existed when restoring from a
back up. This issue was addressed through improved state checking
during restore.
CVE-2018-4172: Viljami VastamA$?ki
iCloud Drive
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4151: Samuel GroA (@5aelo)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept the contents of S/MIME-encrypted e-mail
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4174: an anonymous researcher, an anonymous researcher
NSURLSession
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
PluginKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4156: Samuel GroA (@5aelo)
Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang
Zeng (@Wester) of Tencent Security Platform Department
Safari Login AutoFill
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place. The issue was addressed through
improved autofill heuristics.
CVE-2018-4137:
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: A state management issue was addressed by disabling text
input until the destination page loads.
CVE-2018-4149: Abhinash Jain (@abhinashjain)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
Storage
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4154: Samuel GroA (@5aelo)
System Preferences
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
Telephony
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed when handling
Class 0 SMS messages. This issue was addressed through improved
message validation.
CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV
Web App
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cookies may unexpectedly persist in web app
Description: A cookie management issue was addressed through improved
state management.
CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4118: Jun Kokatsu (@shhnjk)
CVE-2018-4119: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4127: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4128: Zach Markley
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
WindowServer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An unprivileged application may be able to log keystrokes
entered into other applications even when secure input mode is
enabled
Description: By scanning key states, an unprivileged application
could log keystrokes entered into other applications even when secure
input mode was enabled. This issue was addressed by improved state
management.
CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbhLRAA
to9k0U/CI3PfYp2o2lluS7LgE3jvA7+pXvdjbvoh14BFHf9Wv+yhdtyLQEDSne+0
TM8BkiMgEmo+uKKcVFCDeV9GrkWqO7ocBfT65hj4A/vxPAS6xlBTV9mjZXiqvSWs
+Cbb4Nd53o6m2QRORkjNVZ2h0ow53J5RirnyzjWt4LMdCpc4jMG87OCuQheKzjxq
g6gOlwblVrRxH6aMX5if/SetGGxzZeY5sKwe1Xhz6yIYsm1Gw45REt3FJs4KEh5Z
oL+yWVvaGLOPDzC+DBX0dXJmsqLx9wzDJsqQ2J6Mb/nh1Tgh6NDdHkDCAZ7P6CeU
0IpXK7aaPkRy5GUbkAdzdPEFql9e0/jGlqMf/rZlNTItbgtn0+9e2zsJ0UPPRcWi
+7IQygkXnXmYUZ0wrh/Wdye/jAJZpLdsUuWr1RalTdmDASU/tzgpoglf3EyTQoRy
IqFGRSe6+no8Pw1qCLUvZz8C6dTKvE+Jv5oe9XbCEjsvpRmQZK64FiQ0HIaAMHKo
Rl9OY6+evzyqdAtivE4AFCRT7Z15pktFYAVefWkdVFbVU2mCYF+peXIq6tGg4o+g
70E29XaDZBakcVho9bW4e2rDA+m606ILuZ4AyjEEvfRYH+d+WTvDqdIywq0V7grj
qlU787sRw/tVx646jcHVqbYZEgZVmeAvcT8C2c0Zhvo=
=RJi8
-----END PGP SIGNATURE-----
| VAR-201804-1192 | CVE-2018-4133 | Safari vulnerable to script injection |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL. contains a script injection vulnerability (CWE-81) in the processing of displaying an error page when it fails to verify server certificates. In an error page Safari displays when it fails to verify server certificates, a domain name of the website accessed is output straightly. Therefore by exploiting this vulnerability, an arbitrary script may be executed on the user's web browser via an error page that is displayed when a user is led to visit a website with a specially crafted domain name. Yuji Tonai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user is led to visit a website with a specially crafted domain name, an arbitrary script may be executed on the user's web browser. Apple Safari is prone to is prone to multiple security vulnerabilities.
An attacker may exploit these vulnerabilities to spoof the originating URL of a trusted web site. These issues may allow a remote attacker to carry out phishing-style attacks. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: August 22, 2018
Bugs: #652820, #658168, #662974
ID: 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"
References
==========
[ 1 ] CVE-2018-11646
https://nvd.nist.gov/vuln/detail/CVE-2018-11646
[ 2 ] CVE-2018-11712
https://nvd.nist.gov/vuln/detail/CVE-2018-11712
[ 3 ] CVE-2018-11713
https://nvd.nist.gov/vuln/detail/CVE-2018-11713
[ 4 ] CVE-2018-12293
https://nvd.nist.gov/vuln/detail/CVE-2018-12293
[ 5 ] CVE-2018-12294
https://nvd.nist.gov/vuln/detail/CVE-2018-12294
[ 6 ] CVE-2018-4101
https://nvd.nist.gov/vuln/detail/CVE-2018-4101
[ 7 ] CVE-2018-4113
https://nvd.nist.gov/vuln/detail/CVE-2018-4113
[ 8 ] CVE-2018-4114
https://nvd.nist.gov/vuln/detail/CVE-2018-4114
[ 9 ] CVE-2018-4117
https://nvd.nist.gov/vuln/detail/CVE-2018-4117
[ 10 ] CVE-2018-4118
https://nvd.nist.gov/vuln/detail/CVE-2018-4118
[ 11 ] CVE-2018-4119
https://nvd.nist.gov/vuln/detail/CVE-2018-4119
[ 12 ] CVE-2018-4120
https://nvd.nist.gov/vuln/detail/CVE-2018-4120
[ 13 ] CVE-2018-4121
https://nvd.nist.gov/vuln/detail/CVE-2018-4121
[ 14 ] CVE-2018-4122
https://nvd.nist.gov/vuln/detail/CVE-2018-4122
[ 15 ] CVE-2018-4125
https://nvd.nist.gov/vuln/detail/CVE-2018-4125
[ 16 ] CVE-2018-4127
https://nvd.nist.gov/vuln/detail/CVE-2018-4127
[ 17 ] CVE-2018-4128
https://nvd.nist.gov/vuln/detail/CVE-2018-4128
[ 18 ] CVE-2018-4129
https://nvd.nist.gov/vuln/detail/CVE-2018-4129
[ 19 ] CVE-2018-4133
https://nvd.nist.gov/vuln/detail/CVE-2018-4133
[ 20 ] CVE-2018-4146
https://nvd.nist.gov/vuln/detail/CVE-2018-4146
[ 21 ] CVE-2018-4162
https://nvd.nist.gov/vuln/detail/CVE-2018-4162
[ 22 ] CVE-2018-4163
https://nvd.nist.gov/vuln/detail/CVE-2018-4163
[ 23 ] CVE-2018-4165
https://nvd.nist.gov/vuln/detail/CVE-2018-4165
[ 24 ] CVE-2018-4190
https://nvd.nist.gov/vuln/detail/CVE-2018-4190
[ 25 ] CVE-2018-4192
https://nvd.nist.gov/vuln/detail/CVE-2018-4192
[ 26 ] CVE-2018-4199
https://nvd.nist.gov/vuln/detail/CVE-2018-4199
[ 27 ] CVE-2018-4200
https://nvd.nist.gov/vuln/detail/CVE-2018-4200
[ 28 ] CVE-2018-4201
https://nvd.nist.gov/vuln/detail/CVE-2018-4201
[ 29 ] CVE-2018-4204
https://nvd.nist.gov/vuln/detail/CVE-2018-4204
[ 30 ] CVE-2018-4214
https://nvd.nist.gov/vuln/detail/CVE-2018-4214
[ 31 ] CVE-2018-4218
https://nvd.nist.gov/vuln/detail/CVE-2018-4218
[ 32 ] CVE-2018-4222
https://nvd.nist.gov/vuln/detail/CVE-2018-4222
[ 33 ] CVE-2018-4232
https://nvd.nist.gov/vuln/detail/CVE-2018-4232
[ 34 ] CVE-2018-4233
https://nvd.nist.gov/vuln/detail/CVE-2018-4233
[ 35 ] CVE-2018-4261
https://nvd.nist.gov/vuln/detail/CVE-2018-4261
[ 36 ] CVE-2018-4262
https://nvd.nist.gov/vuln/detail/CVE-2018-4262
[ 37 ] CVE-2018-4263
https://nvd.nist.gov/vuln/detail/CVE-2018-4263
[ 38 ] CVE-2018-4264
https://nvd.nist.gov/vuln/detail/CVE-2018-4264
[ 39 ] CVE-2018-4265
https://nvd.nist.gov/vuln/detail/CVE-2018-4265
[ 40 ] CVE-2018-4266
https://nvd.nist.gov/vuln/detail/CVE-2018-4266
[ 41 ] CVE-2018-4267
https://nvd.nist.gov/vuln/detail/CVE-2018-4267
[ 42 ] CVE-2018-4270
https://nvd.nist.gov/vuln/detail/CVE-2018-4270
[ 43 ] CVE-2018-4272
https://nvd.nist.gov/vuln/detail/CVE-2018-4272
[ 44 ] CVE-2018-4273
https://nvd.nist.gov/vuln/detail/CVE-2018-4273
[ 45 ] CVE-2018-4278
https://nvd.nist.gov/vuln/detail/CVE-2018-4278
[ 46 ] CVE-2018-4284
https://nvd.nist.gov/vuln/detail/CVE-2018-4284
[ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003
https://webkitgtk.org/security/WSA-2018-0003.html
[ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004
https://webkitgtk.org/security/WSA-2018-0004.html
[ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005
https://webkitgtk.org/security/WSA-2018-0005.html
[ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006
https://webkitgtk.org/security/WSA-2018-0006.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201808-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------
Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html
CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,
CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,
CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,
CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,
CVE-2018-4162, CVE-2018-4163, CVE-2018-4165.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Yuan Deng of Ant-financial Light-Year Security Lab.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to OSS-Fuzz.
Impact: Unexpected interaction with indexing types causing an ASSERT
failure. Description: An array indexing issue existed in the
handling of a function in JavaScriptCore. This issue was addressed
through improved checks.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher.
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
Credit to Jun Kokatsu (@shhnjk).
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to an anonymous researcher working with Trend Microys Zero
Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Zach Markley.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to likemeng of Baidu Security Lab working with Trend Micro's
Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack. This issue was addressed with improved URL
validation.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to a
denial of service. Description: A memory corruption issue was
addressed through improved input validation.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
April 04, 2018
. ==========================================================================
Ubuntu Security Notice USN-3635-1
April 30, 2018
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3635-1
CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117,
CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122,
CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162,
CVE-2018-4163, CVE-2018-4165
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-6 Safari 11.1
Safari 11.1 is now available and addresses the following:
Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4102: Kai Zhao of 3H security team
CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab
(tencent.com)
Safari Login AutoFill
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place.
CVE-2018-4133: Anton Lopanitsyn of Wallarm, Linus SA$?rud of Detectify
(detectify.com), Yuji Tounai of NTT Communications Corporation
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
Safari 11.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9Gl8pHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEYFUQ//
QO1Al/D5ErPzNtbiQEnmPD4O5JMl/mz+ztGEkncEBWZiq9/4X0B1WLr+Ve/hF4l2
mkDPU2EEcPTg/pDvyeYnh4xKCcCScgUHpwdqAmtECG4C59IH+uL1PCbi2UDVZ6Jg
W/xpP3DFykn1e2/R5ZE1iObZc+jLz5Rta3k0/Z0v5YhXY7x+vtMhSMh3HTPhy28T
eoHRY0W9iWZUCkuKV0ugCGGsnrx5awbz4rHBdGCewEWeUrk5+h6Mwo6sJTAoO+0E
nVKdRu0hvU1RzZSn3eiLSvo5qVNNT6bK7hf1P3eMUdJ7e5/unIIE6WXo8ox5iyRB
sdNqI8K/HuBzcpKggXFAjVce+CDc5LVd2Kf1g/ymqejHqGp3VEhGY8FwJRTFBenm
svzGQLGAFpg2bl3oKt9RCfQG/NGWjg2HTgp4eHDqEeqkQNENxjDAMYYm3Z7O2ODI
JzaHXunbltbUNzgzfUzfGX/xtDmnNczijYd1vpIc9C1l0nv620HW3aOqv1vP2bxT
JQFWwoZiJ7plmgRXLzBR2lvcyEfNWOE466yF+QIo5iBWOeGrBZqb5dYkqEskrDFk
4ju2DsG61j+aK5flU5C7Z6JZLGVBEOm+2OuUu+O4+aboHV0mEDcitl7RUFUWfW2d
p5479DG4FgkWaZZH9I7eC2xMrPDspLU7Jscg6UCpeyQ=
=D/co
-----END PGP SIGNATURE-----
| VAR-201804-1174 | CVE-2018-4176 | Apple macOS Vulnerabilities that could trigger application launch in disk image component |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Images" component. It allows attackers to trigger an app launch upon mounting a crafted disk image. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers
| VAR-201804-1173 | CVE-2018-4175 | Apple macOS of LaunchServices Vulnerabilities that bypass code signing protection mechanisms in components |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. LaunchServices is one of the components that uses a running application to open other applications or documents
| VAR-201804-1172 | CVE-2018-4174 | Apple iOS and macOS of Mail In the component S/MIME Vulnerable to reading encrypted messages |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface. Apple iOS and macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to perform unauthorized actions, and gain elevated privileges. Failed exploit attempts will likely cause a denial-of-service condition. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers
| VAR-201804-1170 | CVE-2018-4172 | Apple iOS of "iPhone Find " In the component iCloud Vulnerabilities that bypass password requests |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving a backup restore. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Failed exploits will result in denial-of-service condition.
Versions prior to Apple iOS 11.3 are vulnerable. Find My iPhone is one of the components that provides the function of recovering an accidentally lost iPhone
| VAR-201804-1169 | CVE-2018-4170 | Apple macOS of Admin Framework Component password retrieval vulnerability |
CVSS V2: 2.1 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. The vulnerability stems from the fact that the program requires passwords to be passed through parameters
| VAR-201804-1168 | CVE-2018-4168 | Apple iOS of Vulnerability in file widget component that could retrieve important information |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Failed exploits will result in denial-of-service condition.
Versions prior to Apple iOS 11.3 are vulnerable. The vulnerability stems from the fact that cached data can still be displayed when the Files Widget is locked. An attacker could exploit this vulnerability to obtain sensitive information
| VAR-201804-1164 | CVE-2018-4164 | Apple Xcode of LLVM Component vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component.
Attackers can exploit these issues to perform unauthorized actions. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. LLVM (Low Level Virtual Machine) is a framework system of a framework compiler (compiler) developed by the LLVM team. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-4 Xcode 9.3
Xcode 9.3 is now available and addresses the following:
LLVM
Available for: macOS High Sierra 10.13.2 or later
Impact: Multiple issues in llvm were addressed in this update
Description: Multiple issues were addressed by updating to version
the current version of LLVM shipping with Xcode.
CVE-2018-4164: found by OSS-Fuzz
Installation note:
Xcode 9.3 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "9.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlwpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZaQg//
fkrqYe4+rMCGg+cJfuC2IWAVH2xzlgKTqfGfOGPo1b8WO4dYYAjmNhKGS3XnMB7d
tcfDQRyEQIgXWdSON9uVmEAkziLjeqAHerUgD2M2XWz2XTY3HLbEvJr3wOi8/CI1
w+e33MNp/dJVZScyrqvqz1tPB/va9kbnmtM2YTdqRdkPNrLjmKiimLqZjrWTfKxE
f8lbwhGV7pZaCNQvI3YN3TdvTd2JECw08OqiCdEUO5NHFSXZrgm+Q8cnYfo0xv6y
ArPFLqRw0xIkWVp2SGp7gj346uKOtVEfZ0UPXCSMtMCpBVGpyKb+ev7EwSB0ctC1
hqHIfo/4JD7AyJssGsZ6aB3bi4fvC3K4fbdR+NbpbWrxj5QFPl3iJgKTmn0IwMLU
oPBZ6f8FZQFR/Pj6/OS11VcUgSAL1iMB8A10utDsDl3a7Ke1MthUpdCBbwam+I/Y
fR50qGZC+p+B6uW7nRN91QxR6iyMZDHMUM2DEId4WkYHRAve8ecMa5YB2s22iQX8
Vq/BWijO7FRZIp057fRTg/C5lxpxqP0bLYXtyWVTPHW9PNKI0qurQN+JExQU1Grz
/bd9h+UbOiqXz+0YmstVJGDVgAw1uMvzCnjfB5l5p8ZDTz7LwksRUIOHJi2lA0+n
BaZNZOnz2Ystn5PhNL98Mcm+CwkP8pGK/9vDy8ZU3FY=
=3u9H
-----END PGP SIGNATURE-----
| VAR-201804-1160 | CVE-2018-4160 | Apple macOS Kernel component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers
| VAR-201804-1159 | CVE-2018-4158 | plural Apple Product CoreFoundation Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 7.6 CVSS V3: 7.0 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS and macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to perform unauthorized actions, and gain elevated privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; watchOS is a smart watch operating system. CoreFoundation is one of the core functional components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-2 watchOS 4.3
watchOS 4.3 is now available and addresses the following:
CoreFoundation
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Kernel
Available for: All Apple Watch models
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
NSURLSession
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
Quick Look
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Security
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
System Preferences
Available for: All Apple Watch models
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
WebKit
Available for: All Apple Watch models
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
WebKit
Available for: All Apple Watch models
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA//
QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY
v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7
43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry
XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn
/Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP
Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U
TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z
ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw
+tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU
jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i
ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU=
=FEXo
-----END PGP SIGNATURE-----
| VAR-201804-1157 | CVE-2018-4156 | Apple iOS and macOS of PluginKit Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 7.6 CVSS V3: 7.0 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS and macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to perform unauthorized actions, and gain elevated privileges. Failed exploit attempts will likely cause a denial-of-service condition. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers. PluginKit is one of the plugin building components
| VAR-201804-1155 | CVE-2018-4154 | Apple iOS and macOS Storage component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 7.6 CVSS V3: 7.0 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS and macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to perform unauthorized actions, and gain elevated privileges. Failed exploit attempts will likely cause a denial-of-service condition. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers
| VAR-201804-1154 | CVE-2018-4152 | Apple macOS Memo component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 7.6 CVSS V3: 7.0 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. A race condition vulnerability exists in the Notes component of Apple macOS High Sierra prior to 10.13.4
| VAR-201804-1153 | CVE-2018-4151 | Apple iOS and macOS of iCloud Drive Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 7.6 CVSS V3: 7.0 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS and macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to perform unauthorized actions, and gain elevated privileges. Failed exploit attempts will likely cause a denial-of-service condition. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers
| VAR-201804-1150 | CVE-2018-4148 | Apple iOS of Telephony Component Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. A buffer overflow allows remote attackers to execute arbitrary code. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Failed exploits will result in denial-of-service condition.
Versions prior to Apple iOS 11.3 are vulnerable. APNs is one of the push notification service components
| VAR-201804-1151 | CVE-2018-4149 | Apple iOS of SafariViewController Vulnerability in component impersonation of user interface |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "SafariViewController" component. It allows remote attackers to spoof the user interface via a crafted web site that leverages input into a partially loaded page. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Failed exploits will result in denial-of-service condition.
Versions prior to Apple iOS 11.3 are vulnerable. SafariViewController is one of the web browser components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-1 iOS 11.3
iOS 11.3 is now available and addresses the following:
Clock
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
see the email address used for iTunes
Description: An information disclosure issue existed in the handling
of alarms and timers. This issue was addressed through improved
access restrictions.
CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)
CoreFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel GroA (@5aelo)
CVE-2018-4158: Samuel GroA (@5aelo)
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
File System Events
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel GroA (@5aelo)
Files Widget
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: File Widget may display contents on a locked device
Description: The File Widget was displaying cached data when in the
locked state. This issue was addressed with improved state
management.
CVE-2018-4168: Brandon Moore
Find My iPhone
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to the device may be able to
disable Find My iPhone without entering an iCloud password
Description: A state management issue existed when restoring from a
back up. This issue was addressed through improved state checking
during restore.
CVE-2018-4172: Viljami VastamA$?ki
iCloud Drive
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4151: Samuel GroA (@5aelo)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
intercept the contents of S/MIME-encrypted e-mail
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4174: an anonymous researcher, an anonymous researcher
NSURLSession
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel GroA (@5aelo)
PluginKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4156: Samuel GroA (@5aelo)
Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel GroA (@5aelo)
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang
Zeng (@Wester) of Tencent Security Platform Department
Safari Login AutoFill
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place. The issue was addressed through
improved autofill heuristics.
CVE-2018-4137:
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: A state management issue was addressed by disabling text
input until the destination page loads.
CVE-2018-4149: Abhinash Jain (@abhinashjain)
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
Storage
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4154: Samuel GroA (@5aelo)
System Preferences
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
Telephony
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed when handling
Class 0 SMS messages. This issue was addressed through improved
message validation.
CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV
Web App
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Cookies may unexpectedly persist in web app
Description: A cookie management issue was addressed through improved
state management.
CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4118: Jun Kokatsu (@shhnjk)
CVE-2018-4119: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4127: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4128: Zach Markley
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher
WindowServer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An unprivileged application may be able to log keystrokes
entered into other applications even when secure input mode is
enabled
Description: By scanning key states, an unprivileged application
could log keystrokes entered into other applications even when secure
input mode was enabled. This issue was addressed by improved state
management.
CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH
Additional recognition
WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbhLRAA
to9k0U/CI3PfYp2o2lluS7LgE3jvA7+pXvdjbvoh14BFHf9Wv+yhdtyLQEDSne+0
TM8BkiMgEmo+uKKcVFCDeV9GrkWqO7ocBfT65hj4A/vxPAS6xlBTV9mjZXiqvSWs
+Cbb4Nd53o6m2QRORkjNVZ2h0ow53J5RirnyzjWt4LMdCpc4jMG87OCuQheKzjxq
g6gOlwblVrRxH6aMX5if/SetGGxzZeY5sKwe1Xhz6yIYsm1Gw45REt3FJs4KEh5Z
oL+yWVvaGLOPDzC+DBX0dXJmsqLx9wzDJsqQ2J6Mb/nh1Tgh6NDdHkDCAZ7P6CeU
0IpXK7aaPkRy5GUbkAdzdPEFql9e0/jGlqMf/rZlNTItbgtn0+9e2zsJ0UPPRcWi
+7IQygkXnXmYUZ0wrh/Wdye/jAJZpLdsUuWr1RalTdmDASU/tzgpoglf3EyTQoRy
IqFGRSe6+no8Pw1qCLUvZz8C6dTKvE+Jv5oe9XbCEjsvpRmQZK64FiQ0HIaAMHKo
Rl9OY6+evzyqdAtivE4AFCRT7Z15pktFYAVefWkdVFbVU2mCYF+peXIq6tGg4o+g
70E29XaDZBakcVho9bW4e2rDA+m606ILuZ4AyjEEvfRYH+d+WTvDqdIywq0V7grj
qlU787sRw/tVx646jcHVqbYZEgZVmeAvcT8C2c0Zhvo=
=RJi8
-----END PGP SIGNATURE-----