SB2018060402 - Multiple vulnerabilities in Apple macOS Sierra
Published: June 4, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 30 vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-4141)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to input validation flaw in the Intel Graphics Driver component. A local attacker can run a specially crafted application and read restricted memory.
2) Improper input validation (CVE-ID: CVE-2018-4159)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to input validation flaw in the Graphics Drivers component. A local attacker can run a specially crafted application and read restricted memory.
3) Information disclosure (CVE-ID: CVE-2018-4171)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to an error in the Bluetooth component. A local attacker can run a specially crafted application and determine kernel memory layout.
4) Security restrictions bypass (CVE-ID: CVE-2018-4184)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to a microphone access control flaw in the Speech component. A remote attacker can run a sandboxed process and bypass sandbox restriction.
5) Memory corruption (CVE-ID: CVE-2018-4193)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to boundary error in the Windows Server component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Privilege escalation (CVE-ID: CVE-2018-4196)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a flaw in the Accessibility Framework component. A local attacker can run a specially crafted application and execute arbitrary code with system privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Improper input validation (CVE-ID: CVE-2018-4198)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to a flaw in the UIKit component. A remote attacker can trick the victim into loading specially crafted text file and cause the service to crash.
8) Spoofing attack (CVE-ID: CVE-2018-4202)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The vulnerability exists due to input validation flaw in the iBooks component. A remote attacker can supply specially crafted content and spoof password prompts.
9) Memory corruption (CVE-ID: CVE-2018-4211)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in the FontParser component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Privilege escalation (CVE-ID: CVE-2018-4219)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to boundary error in the ATS component. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.
11) Man-in-the-middle attack (CVE-ID: CVE-2018-4221)
CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to conduct man-in-the-middle attack on the target system.
The vulnerability exists due to a flaw in the Security component in the handling of S-MIME client certificates. A remote attacker can conduct man-in-the-middle attack, intercept of the communication channel between the affected app and track the target user.
12) Information disclosure (CVE-ID: CVE-2018-4223)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to a state management error in the Security component. A local attacker can read a persistent account identifier.
13) Information disclosure (CVE-ID: CVE-2018-4224)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to a state management error in the Security component. A local attacker can read a persistent account identifier.
14) Security restrictions bypass (CVE-ID: CVE-2018-4225)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to a state management error in the Security component. A local attacker can bypass security restrictions and modify the state of the Keychain.
15) Information disclosure (CVE-ID: CVE-2018-4226)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to a state management error in the Security component. A local attacker can view sensitive user information.
16) Information disclosure (CVE-ID: CVE-2018-4227)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to a flaw in the Mail component in the processing of S/MIME-encrypted email. A remote attacker can obtain contents on the email.
17) Race condition (CVE-ID: CVE-2018-4228)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to race condition in the IOFireWireAVC component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Security restrictions bypass (CVE-ID: CVE-2018-4229)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to an error in parsing entitlement plists in the Grand Central Dispatch component. A remote attacker can run a sandboxed process and bypass sandbox restriction.
19) Race condition (CVE-ID: CVE-2018-4230)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to race condition in the NVIDIA Graphics Drivers component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) Memory corruption (CVE-ID: CVE-2018-4234)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to boundary error in the IOHIDFamily component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Improper input validation (CVE-ID: CVE-2018-4235)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to input validation flaw in the Messages component. A local attacker can supply specially crafted content, bypass security restrictions and conduct impersonation attacks.
22) Memory corruption (CVE-ID: CVE-2018-4236)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to boundary error in the IOGraphics component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
23) Privilege escalation (CVE-ID: CVE-2018-4237)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a logic error in the libxpc component. A local attacker can run a specially crafted application and gain elevated privileges.
24) Improper input validation (CVE-ID: CVE-2018-4240)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted message and cause the service to crash.
25) Buffer overflow (CVE-ID: CVE-2018-4241)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to buffer overflow in the the kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Memory corruption (CVE-ID: CVE-2018-4242)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to boundary error in the Hypervisor component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) Buffer overflow (CVE-ID: CVE-2018-4243)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to buffer overflow in the the kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
28) Improper input validation (CVE-ID: CVE-2018-4249)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The vulnerability exists due to an unspecified validation flaw in the kernel component. A remote attacker can supply specially crafted content and cause the service to crash.
29) Security restrictions bypass (CVE-ID: CVE-2018-4251)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to a device configuration error in the Firmware component. A local attacker with root privileges can run a specially crafted application, bypass security restrictions and modify the EFI flash memory region.
30) Out-of-bounds read (CVE-ID: CVE-2018-4253)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to out-of-bounds memory read error in the AMD component. A local attacker can run read portions of kernel memory.
Remediation
Install update from vendor's website.