Multiple vulnerabilities in Apple Safari

Published: 2018-07-11 14:45:40 | Updated: 2018-07-11 14:51:45
Severity High
Patch available YES
Number of vulnerabilities 15
CVE ID CVE-2018-4279
CVE-2018-4274
CVE-2018-4260
CVE-2018-4266
CVE-2018-4270
CVE-2018-4278
CVE-2018-4284
CVE-2018-4271
CVE-2018-4261
CVE-2018-4262
CVE-2018-4263
CVE-2018-4264
CVE-2018-4265
CVE-2018-4267
CVE-2018-4272
CVSSv3 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID CWE-451
CWE-362
CWE-119
Exploitation vector Network
Public exploit Not available
Vulnerable software Apple Safari
Vulnerable software versions Apple Safari 11.1.1
Apple Safari 11.0.1
Apple Safari 11.0
Vendor URL Apple Inc.

Security Advisory

1) Spoofing attack

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to a user interface inconsistency. A remote attacker can trick the victim into loading specially crafted web content, trigger a user interface error and spoof the address bar.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

2) Spoofing attack

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient input validation. A remote attacker can trick the victim into visiting a specially crafted website and spoof the address bar.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

3) Spoofing attack

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to improper state management. A remote attacker can trick the victim into visiting a specially crafted website and spoof the address bar.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

4) Race condition

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a race condition when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and cause the service to crash.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

5) Memory corruption

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

6) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper audio taint tracking. A remote attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and exfiltrate audio data cross-origin.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

7) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

8) Memory corruption

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

9) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

10) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

11) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

12) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

13) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

14) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934

15) Memory corruption

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

Remediation

Update to version 11.1.2.

External links

https://support.apple.com/en-us/HT208934
