SB2018060402 - Multiple vulnerabilities in Apple macOS Sierra
Published: June 4, 2018
Description
This security bulletin contains information about 30 security vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-4141)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to an input validation flaw in the Intel Graphics Driver component. A local attacker can run a specially crafted application and read restricted memory.
2) Improper input validation (CVE-ID: CVE-2018-4159)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to an input validation flaw in the Graphics Drivers component. A local attacker can run a specially crafted application and read restricted memory.
3) Information disclosure (CVE-ID: CVE-2018-4171)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to an error in the Bluetooth component. A local attacker can run a specially crafted application and determine kernel memory layout.
4) Security restrictions bypass (CVE-ID: CVE-2018-4184)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to a microphone access control flaw in the Speech component. A remote attacker can run a sandboxed process and bypass sandbox restrictions.
5) Memory corruption (CVE-ID: CVE-2018-4193)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a boundary error in the Windows Server component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) Privilege escalation (CVE-ID: CVE-2018-4196)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a flaw in the Accessibility Framework component. A local attacker can run a specially crafted application and execute arbitrary code with system privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
7) Improper input validation (CVE-ID: CVE-2018-4198)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists due to a flaw in the UIKit component. A remote attacker can trick the victim into loading a specially crafted text file and cause the service to crash.
8) Spoofing attack (CVE-ID: CVE-2018-4202)
The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.
The vulnerability exists due to an input validation flaw in the iBooks component. A remote attacker can supply specially crafted content and spoof password prompts.
9) Memory corruption (CVE-ID: CVE-2018-4211)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the FontParser component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
10) Privilege escalation (CVE-ID: CVE-2018-4219)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a boundary error in the ATS component. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.
11) Man-in-the-middle attack (CVE-ID: CVE-2018-4221)
The vulnerability allows a remote attacker to conduct a man-in-the-middle attack on the target system.
The vulnerability exists due to a flaw in the Security component in the handling of S-MIME client certificates. A remote attacker can conduct a man-in-the-middle attack, intercept the affected app's communication channel and track the target user.
12) Information disclosure (CVE-ID: CVE-2018-4223)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to a state management error in the Security component. A local attacker can read a persistent account identifier.
13) Information disclosure (CVE-ID: CVE-2018-4224)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to a state management error in the Security component. A local attacker can read a persistent account identifier.
14) Security restrictions bypass (CVE-ID: CVE-2018-4225)
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to a state management error in the Security component. A local attacker can bypass security restrictions and modify the state of the Keychain.
15) Information disclosure (CVE-ID: CVE-2018-4226)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to a state management error in the Security component. A local attacker can view sensitive user information.
16) Information disclosure (CVE-ID: CVE-2018-4227)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to a flaw in the Mail component in the processing of S/MIME-encrypted email. A remote attacker can obtain the contents of the email.
17) Race condition (CVE-ID: CVE-2018-4228)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a race condition in the IOFireWireAVC component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
18) Security restrictions bypass (CVE-ID: CVE-2018-4229)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to an error in parsing entitlement plists in the Grand Central Dispatch component. A remote attacker can run a sandboxed process and bypass sandbox restrictions.
19) Race condition (CVE-ID: CVE-2018-4230)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a race condition in the NVIDIA Graphics Drivers component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
20) Memory corruption (CVE-ID: CVE-2018-4234)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a boundary error in the IOHIDFamily component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
21) Improper input validation (CVE-ID: CVE-2018-4235)
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to an input validation flaw in the Messages component. A local attacker can supply specially crafted content, bypass security restrictions and conduct impersonation attacks.
22) Memory corruption (CVE-ID: CVE-2018-4236)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a boundary error in the IOGraphics component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
23) Privilege escalation (CVE-ID: CVE-2018-4237)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a logic error in the libxpc component. A local attacker can run a specially crafted application and gain elevated privileges.
24) Improper input validation (CVE-ID: CVE-2018-4240)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted message and cause the service to crash.
25) Buffer overflow (CVE-ID: CVE-2018-4241)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a buffer overflow in the kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
26) Memory corruption (CVE-ID: CVE-2018-4242)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a boundary error in the Hypervisor component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
27) Buffer overflow (CVE-ID: CVE-2018-4243)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a buffer overflow in the kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
28) Improper input validation (CVE-ID: CVE-2018-4249)
The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.
The vulnerability exists due to an unspecified validation flaw in the kernel component. A remote attacker can supply specially crafted content and cause the service to crash.
29) Security restrictions bypass (CVE-ID: CVE-2018-4251)
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to a device configuration error in the Firmware component. A local attacker with root privileges can run a specially crafted application, bypass security restrictions and modify the EFI flash memory region.
30) Out-of-bounds read (CVE-ID: CVE-2018-4253)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to an out-of-bounds memory read error in the AMD component. A local attacker can read portions of kernel memory.
Remediation
Install the update from the vendor's website.