Multiple vulnerabilities in Apple iCloud

Published: 2018-07-11 15:53:53 | Updated: 2018-07-11 15:57:50
Severity High
Patch available YES
Number of vulnerabilities 14
CVE ID CVE-2018-4293
CVE-2018-4270
CVE-2018-4278
CVE-2018-4284
CVE-2018-4266
CVE-2018-4271
CVE-2018-4273
CVE-2018-4272
CVE-2018-4267
CVE-2018-4265
CVE-2018-4264
CVE-2018-4263
CVE-2018-4262
CVE-2018-4261
CVSSv3 4.6 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-264
CWE-119
CWE-362
Exploitation vector Network
Public exploit Not available
Vulnerable software iCloud for Windows
Vulnerable software versions iCloud for Windows 7.5
iCloud for Windows 7.1
iCloud for Windows 7.0
iCloud for Windows 7.2
Vendor URL Apple Inc.

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to an error in cookie management. A local attacker can run a specially crafted application and cause cookies unexpectedly persist in Safari.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

2) Memory corruption

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

3) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper audio taint tracking. A remote attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and exfiltrate audio data cross-origin.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

4) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

5) Race condition

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to race condition when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and cause the service to crash.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

6) Memory corruption

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

7) Memory corruption

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

8) Memory corruption

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

9) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

10) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

11) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

12) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

13) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

14) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Update to version 7.6.

External links

https://support.apple.com/en-us/HT208932

Back to List