SB2018033006 - Multiple vulnerabilities in Apple iOS




Published: March 30, 2018 Updated: July 1, 2021

Security Bulletin ID: SB2018033006
Severity: High
Patch available: YES
Number of vulnerabilities: 43
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 37%, Medium: 7%, Low: 56%

Description

This security bulletin contains information about 43 security vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2018-4101)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

2) Information disclosure (CVE-ID: CVE-2018-4104)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an input validation flaw in the kernel component. A local attacker can run a specially crafted application and read restricted memory.

3) Security restrictions bypass (CVE-ID: CVE-2018-4110)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an unspecified flaw. A remote attacker can bypass security restrictions and cause a cookie to persist.

4) Denial of service (CVE-ID: CVE-2018-4113)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an array indexing error in WebKit JavaScriptCore. A remote attacker can trigger an ASSERT failure and cause the system to crash.

5) Memory corruption (CVE-ID: CVE-2018-4114)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

6) Security restrictions bypass (CVE-ID: CVE-2018-4115)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because the system may use a configuration profile that has been removed. A remote attacker can bypass security restrictions.

7) Information disclosure (CVE-ID: CVE-2018-4117)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an input validation flaw in the Fetch API of the WebKit component. A remote attacker can bypass cross-origin restrictions and obtain potentially sensitive information.

8) Memory corruption (CVE-ID: CVE-2018-4118)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

9) Memory corruption (CVE-ID: CVE-2018-4119)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

10) Memory corruption (CVE-ID: CVE-2018-4120)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

11) Memory corruption (CVE-ID: CVE-2018-4121)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

12) Memory corruption (CVE-ID: CVE-2018-4122)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

13) Information disclosure (CVE-ID: CVE-2018-4123)

The vulnerability allows a physically local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an access control flaw in the Clock component. A physically local attacker can view the email address used for iTunes.

14) Memory corruption (CVE-ID: CVE-2018-4125)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

15) Memory corruption (CVE-ID: CVE-2018-4127)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

16) Memory corruption (CVE-ID: CVE-2018-4128)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

17) Memory corruption (CVE-ID: CVE-2018-4129)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

18) Memory corruption (CVE-ID: CVE-2018-4130)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

19) Security restrictions bypass (CVE-ID: CVE-2018-4131)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to a state management flaw in the WindowServer component. A remote attacker can bypass security restrictions and log keystrokes entered into other applications when secure input mode is enabled.

20) Spoofing attack (CVE-ID: CVE-2018-4134)

The vulnerability allows a remote attacker to conduct a spoofing attack on the target system.

The weakness exists due to a state management flaw in the Safari component. A remote attacker can spoof the user interface.

21) Security restrictions bypass (CVE-ID: CVE-2018-4137)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to a flaw in Safari Login AutoFill. A remote attacker can exfiltrate autofilled data in Safari without explicit user interaction.

22) Null pointer dereference (CVE-ID: CVE-2018-4140)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a null pointer dereference in the processing of Class 0 SMS messages in the Telephony component. A remote attacker can cause the system to restart.

23) Memory corruption (CVE-ID: CVE-2018-4142)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a boundary error in the CoreText component. A remote attacker can trigger memory corruption and cause the system to crash.

24) Memory corruption (CVE-ID: CVE-2018-4143)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

25) Buffer overflow (CVE-ID: CVE-2018-4144)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a buffer overflow in the Security component. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

26) Memory corruption (CVE-ID: CVE-2018-4146)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and cause the system to crash.

27) Spoofing attack (CVE-ID: CVE-2018-4149)

The vulnerability allows a remote attacker to conduct a spoofing attack on the target system.

The weakness exists due to a state management flaw in the SafariViewController component. A remote attacker can spoof the user interface.

28) Memory corruption (CVE-ID: CVE-2018-4150)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

29) Race condition (CVE-ID: CVE-2018-4151)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in the iCloud Drive component. A local attacker can run a specially crafted application and gain elevated privileges.

30) Race condition (CVE-ID: CVE-2018-4154)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in the Storage component. A local attacker can run a specially crafted application and gain elevated privileges.

31) Race condition (CVE-ID: CVE-2018-4155)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to a race condition in the CoreFoundation component. A local attacker can run a specially crafted application and cause the system to crash.

32) Race condition (CVE-ID: CVE-2018-4156)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in the PluginKit component. A local attacker can run a specially crafted application and gain elevated privileges.

33) Race condition (CVE-ID: CVE-2018-4157)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in the Quick Look component. A local attacker can run a specially crafted application and gain elevated privileges.

34) Race condition (CVE-ID: CVE-2018-4158)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to a race condition in the CoreFoundation component. A local attacker can run a specially crafted application and cause the system to crash.

35) Memory corruption (CVE-ID: CVE-2018-4161)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

36) Memory corruption (CVE-ID: CVE-2018-4162)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

37) Memory corruption (CVE-ID: CVE-2018-4163)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

38) Memory corruption (CVE-ID: CVE-2018-4165)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the WebKit component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

39) Race condition (CVE-ID: CVE-2018-4166)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in the NSURLSession component. A local attacker can run a specially crafted application and gain elevated privileges.

40) Race condition (CVE-ID: CVE-2018-4167)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in the File System Events component. A local attacker can run a specially crafted application and gain elevated privileges.

41) Information disclosure (CVE-ID: CVE-2018-4168)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a state management flaw in the Files Widget component. A local attacker can view cached data when the system is locked.

42) Security restrictions bypass (CVE-ID: CVE-2018-4172)

The vulnerability allows a physically local attacker to bypass security restrictions on the target system.

The weakness exists due to a state management flaw in the Find My iPhone component. A physically local attacker can bypass security restrictions and disable the 'Find My iPhone' feature without entering an iCloud password.

43) Information disclosure (CVE-ID: CVE-2018-4174)

The vulnerability allows a remote low-privileged attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a user interface flaw in the Mail component. A remote attacker can obtain the contents of S/MIME-encrypted e-mail.

Remediation

Install the update from the vendor's website.