SB2018103106 - Multiple vulnerabilities in Apple MacOS

Published: October 31, 2018 Updated: February 2, 2023

Security Bulletin ID: SB2018103106
Severity: High
Patch available: YES
Number of vulnerabilities: 71
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 20%
Medium: 1%
Low: 79%

Description

This security bulletin contains information about 71 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2017-10784)

The vulnerability allows a remote attacker to cause DoS condition or obtain potentially sensitive information on the target system.

The weakness exists due to escape sequence injection vulnerability in the Basic authentication of WEBrick. A remote attacker can supply a specially crafted user name value to the WEBrick Basic authentication function, inject escape sequence into the log file and view log contents.

Successful exploitation of the vulnerability results in information disclosure or denial of service.

2) Out-of-bounds read (CVE-ID: CVE-2017-12613)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an out-of-bounds array dereference in the apr_time_exp_get() function. A remote attacker can access prior out-of-bounds memory, reveal the contents of a different static heap value and read arbitrary files or cause the application to crash.

3) Information disclosure (CVE-ID: CVE-2017-12618)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an out-of-bounds array dereference in the apr_time_exp_get() function. A remote attacker can access prior out-of-bounds memory, reveal the contents of a different static heap value and read arbitrary files or cause the application to crash.

4) Improper input validation (CVE-ID: CVE-2017-14033)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to buffer underrun. A remote attacker can provide a specially crafted string to the OpenSSL::ASN1 decode function to cause the target interpreter to crash.

Successful exploitation of the vulnerability results in denial of service.

5) Information disclosure (CVE-ID: CVE-2017-14064)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an issue with the use of strdup in ext/json/ext/generator/generator.c during a JSON generate call. Because strdup stops copying at the first NUL ('\0') byte, it returns a pointer to a string of length zero, which does not match the length stored in space_len. A remote attacker can send a specially crafted request and expose arbitrary memory.

Successful exploitation of the vulnerability results in information disclosure.

6) Command injection (CVE-ID: CVE-2017-17405)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists due to flaws in Net::FTP. A remote attacker can inject and execute arbitrary commands with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

7) HTTP response splitting (CVE-ID: CVE-2017-17742)

The vulnerability allows a remote attacker to perform HTTP response splitting attack.

The weakness exists due to improper handling of HTTP requests. If a script accepts external input and emits it unmodified as part of an HTTP response, a remote attacker can use newline characters to make the victim's client treat the response header as terminated at that point, and inject fake HTTP responses after the newline characters to show malicious content to the victim.
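Items 1 and 7 share a root cause: untrusted text carrying control characters (ESC sequences into a log file, CR/LF into a response header) reaches a sink that interprets them. The following Ruby is an added example written for this bulletin, not code from Apple, Ruby or WEBrick; it shows the defender-side handling of both cases: escaping control characters before a value is logged, and refusing CR/LF in header values before a response is assembled. The function names (sanitize_for_log, validate_header_value, build_response) and the sample inputs are the example's own.

```ruby
# Added example (not from the bulletin or any vendor): control-character
# handling for two sinks, log lines and HTTP response headers.

# Replace every C0 control character (0x00-0x1f, which includes ESC 0x1b,
# CR and LF) and DEL (0x7f) with a visible \xNN form, so a user name such as
# "admin\e[2J" cannot drive the terminal that later displays the log.
def sanitize_for_log(str)
  str.to_s.gsub(/[\x00-\x1f\x7f]/) { |c| format('\\x%02x', c.ord) }
end

# Raised when a value that would split the header block is seen.
class HeaderInjectionError < ArgumentError; end

# Header values must not contain CR or LF. Rejecting (rather than silently
# stripping) keeps the attempt visible to the caller and to monitoring.
def validate_header_value(value)
  raise HeaderInjectionError, 'CR/LF in header value' if value.to_s =~ /[\r\n]/
  value.to_s
end

# Assemble a minimal HTTP/1.1 response, validating every header name and
# value on the way in, and return it as a single string.
def build_response(status, headers, body)
  lines = ["HTTP/1.1 #{status}"]
  headers.each do |name, value|
    raise HeaderInjectionError, 'bad header name' unless name.to_s =~ /\A[A-Za-z0-9-]+\z/
    lines << "#{name}: #{validate_header_value(value)}"
  end
  lines << "Content-Length: #{body.bytesize}"
  lines.join("\r\n") + "\r\n\r\n" + body
end

# Constructed sample values, the kind of input items 1 and 7 describe.
if __FILE__ == $PROGRAM_NAME
  puts sanitize_for_log("admin\e[2Jfoo")
  begin
    build_response(200, { 'Location' => "/ok\r\nSet-Cookie: a=b" }, '')
  rescue HeaderInjectionError => e
    puts "rejected: #{e.message}"
  end
end
```

The log sanitizer is applied at the point of logging, not at authentication, so a rejected user name is still recorded in a form a terminal will not interpret; the header check is applied where the response is assembled, which is the only place every header passes through.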

8) Speculative Store Bypass (CVE-ID: CVE-2018-3639)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.

Note: the vulnerability is referred to as "Spectre variant 4".

9) Rogue System Register Read (CVE-ID: CVE-2018-3640)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative loading of system registers and read privileged system registers.

Note: the vulnerability is referred to as "Spectre variant 3A".

10) Side-channel attack (CVE-ID: CVE-2018-3646)

The vulnerability allows an adjacent attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors that use speculative execution and address translation. An adjacent attacker with guest OS privileges can trigger a terminal page fault, conduct a side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.


11) Memory corruption (CVE-ID: CVE-2018-4126)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the CFNetwork component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


12) Improper input validation (CVE-ID: CVE-2018-4153)

The vulnerability allows a remote attacker to inject an arbitrary file on the target system.

The weakness exists due to an error in CUPS component when handling malicious input. A remote attacker can supply a specially crafted input to replace the message content from the print server with arbitrary content.


13) Out-of-bounds read (CVE-ID: CVE-2018-4203)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read in Symptom Framework component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and read restricted memory.


14) Memory corruption (CVE-ID: CVE-2018-4242)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to boundary error in the Hypervisor component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


15) Memory corruption (CVE-ID: CVE-2018-4259)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.


16) Memory corruption (CVE-ID: CVE-2018-4286)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.


17) Memory corruption (CVE-ID: CVE-2018-4287)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.


18) Memory corruption (CVE-ID: CVE-2018-4288)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.


19) Memory corruption (CVE-ID: CVE-2018-4291)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.


20) Security restrictions bypass (CVE-ID: CVE-2018-4295)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error in afpserver component when handling malicious input. A remote attacker can supply a specially crafted input to bypass security restrictions and attack AFP servers through HTTP clients.


21) Improper input validation (CVE-ID: CVE-2018-4304)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an error in Foundation component when processing a malicious input. A remote attacker can supply a specially crafted text file and cause the service to crash.


22) Out-of-bounds read (CVE-ID: CVE-2018-4308)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in ATS component when handling malicious input. A local attacker can run a specially crafted application, trigger out-of-bounds read and read restricted memory.


23) Security restrictions bypass (CVE-ID: CVE-2018-4310)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error in MediaRemote component. A remote attacker can run a sandboxed process to circumvent sandbox restrictions.


24) Memory corruption (CVE-ID: CVE-2018-4326)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in mDNSOffloadUserClient component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


25) Memory corruption (CVE-ID: CVE-2018-4331)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in Heimdal component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


26) Memory corruption (CVE-ID: CVE-2018-4334)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in Intel Graphics Driver component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


27) Memory corruption (CVE-ID: CVE-2018-4340)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in Kernel component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


28) Security restrictions bypass (CVE-ID: CVE-2018-4341)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to boundary error in IOKit component. A local attacker can run a specially crafted application to bypass security restrictions and break out of its sandbox.


29) Security restrictions bypass (CVE-ID: CVE-2018-4342)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to an error in EFI component during configuration. A local attacker can bypass security restrictions and modify protected parts of the file system.


30) Information disclosure (CVE-ID: CVE-2018-4346)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in Dictionary component when handling malicious input. A remote attacker can supply a specially crafted dictionary file to read restricted memory.


31) Improper input validation (CVE-ID: CVE-2018-4348)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in Login Window component when handling malicious input. A local attacker can supply a specially crafted input and cause the service to crash.


32) Memory corruption (CVE-ID: CVE-2018-4350)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in Intel Graphics Driver component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


33) Security restrictions bypass (CVE-ID: CVE-2018-4354)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to boundary error in IOKit component. A local attacker can run a specially crafted application to bypass security restrictions and break out of its sandbox.


34) Improper input validation (CVE-ID: CVE-2018-4368)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists due to an error in WiFi component when handling malicious input. A remote attacker can supply a specially crafted input and cause the service to crash.


35) Memory leak (CVE-ID: CVE-2018-4369)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to memory leak in NetworkExtension component. A remote attacker can connect to a VPN server and access DNS queries from a DNS proxy.


36) Out-of-bounds read (CVE-ID: CVE-2018-4371)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to out-of-bounds read in IPSec component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.


37) Spoofing attack (CVE-ID: CVE-2018-4389)

The vulnerability allows a remote attacker to conduct spoofing attack on the target system.

The weakness exists due to improper state management in MediaRemote, resulting in an inconsistent user interface. A remote attacker can send a specially crafted mail message and spoof the UI.


38) Memory corruption (CVE-ID: CVE-2018-4393)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in Spotlight component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


39) Heap-based buffer overflow (CVE-ID: CVE-2018-4394)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to boundary error in ICU component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted string, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


40) Improper input validation (CVE-ID: CVE-2018-4395)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in Security component when handling malicious input. A local attacker can supply a specially crafted input and cause the service to crash.


41) Information disclosure (CVE-ID: CVE-2018-4396)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in Intel Graphics Driver component when handling malicious input. A local attacker can run a specially crafted application and read restricted memory.


42) Information disclosure (CVE-ID: CVE-2018-4398)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the Miller-Rabin primality test, which can cause numbers to be incorrectly identified as prime. A remote attacker can exploit this to obtain potentially sensitive information.


43) Information disclosure (CVE-ID: CVE-2018-4399)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in Kernel component when handling API calls. A local attacker can run a specially crafted application and read restricted memory.


44) Improper input validation (CVE-ID: CVE-2018-4400)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an error in Security component when processing a malicious input. A remote attacker can supply a specially crafted S/MIME signed message and cause the service to crash.


45) Memory corruption (CVE-ID: CVE-2018-4401)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in IOUserEthernet component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


46) Memory corruption (CVE-ID: CVE-2018-4402)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in IOKit component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


47) Information disclosure (CVE-ID: CVE-2018-4403)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in Dock component when handling malicious input. A local attacker can run a specially crafted application and read restricted memory.


48) Improper input validation (CVE-ID: CVE-2018-4406)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists due to an error in CUPS component when handling malicious input. A remote attacker can supply a specially crafted input and cause the service to crash.


49) Memory corruption (CVE-ID: CVE-2018-4407)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.


50) Memory corruption (CVE-ID: CVE-2018-4408)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in IOHIDFamily component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


51) Memory corruption (CVE-ID: CVE-2018-4410)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in AppleGraphicsControl component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


52) Memory corruption (CVE-ID: CVE-2018-4411)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in ATS component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.


53) Memory corruption (CVE-ID: CVE-2018-4412)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in CoreFoundation component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.


54) Information disclosure (CVE-ID: CVE-2018-4413)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to boundary error in Kernel component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and read restricted memory.


55) Memory corruption (CVE-ID: CVE-2018-4415)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in CoreAnimation component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


56) Information disclosure (CVE-ID: CVE-2018-4417)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in AppleGraphicsControl component when handling malicious input. A remote attacker can supply a specially crafted input to read restricted memory.


57) Information disclosure (CVE-ID: CVE-2018-4418)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in Intel Graphics Driver component when handling malicious input. A local attacker can run a specially crafted application and read restricted memory.


58) Memory corruption (CVE-ID: CVE-2018-4419)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in Kernel component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


59) Memory corruption (CVE-ID: CVE-2018-4420)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in Kernel component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


60) Memory corruption (CVE-ID: CVE-2018-4422)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in IOGraphics component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


61) Memory corruption (CVE-ID: CVE-2018-4423)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in dyld component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.


62) Buffer overflow (CVE-ID: CVE-2018-4424)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.


63) Memory corruption (CVE-ID: CVE-2018-4425)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in Kernel component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


64) Memory corruption (CVE-ID: CVE-2018-4426)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in Grand Central Dispatch component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


65) Heap-based buffer overflow (CVE-ID: CVE-2018-6797)

The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in S_regatom() in 'regcomp.c' due to a heap-based buffer overflow. A local attacker can supply a specially crafted regular expression, trigger memory corruption and cause the service to crash or run Perl code.

Successful exploitation of the vulnerability may result in system compromise.

66) Path traversal (CVE-ID: CVE-2018-6914)

The vulnerability allows a remote attacker to write arbitrary files on the target system.

The weakness exists in the Dir.mktmpdir method in the tmpdir library due to path traversal. A remote attacker who controls the prefix argument can create a directory or a file under any directory.

67) Resource exhaustion (CVE-ID: CVE-2018-8777)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper handling of large requests in WEBrick. A remote attacker can send a large HTTP request with a crafted header to a WEBrick server, or a crafted body to a WEBrick server/handler, and cause the service to crash.

68) Buffer under-read (CVE-ID: CVE-2018-8778)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the String#unpack method due to buffer under-read. A remote attacker can gain access to potentially sensitive information.

69) Poison null byte (CVE-ID: CVE-2018-8779)

The vulnerability allows a remote attacker to write arbitrary files on the target system.

The weakness exists in the UNIXServer.open and UNIXSocket.open methods due to improper checking of null characters. A remote attacker can cause the socket file to be created at an unintended path.

70) Path traversal (CVE-ID: CVE-2018-8780)

The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the Dir.open, Dir.new, Dir.entries and Dir.empty? methods due to improper checking of NULL characters. A remote attacker can trigger unintended directory traversal.
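Items 66, 69 and 70 are all cases of an untrusted string reaching a filesystem API while still containing a NUL byte or path components the caller never intended. The Ruby below is an added example written for this bulletin, not code from Ruby's tmpdir library or from Apple; it shows the two checks an application should apply on its own side before calling Dir.mktmpdir, Dir.open or a UNIX socket constructor: validate the untrusted name (no NUL, no separators, no "."/".."), and confirm that the resulting path resolves to a location inside the intended root. The root directory is supplied by the caller; safe_name!, within_root? and make_scratch_dir are the example's own names.

```ruby
# Added example (not from the bulletin or any vendor): validating an
# untrusted name before it is used to build a filesystem path.
require 'tmpdir'
require 'pathname'

# Raised when an untrusted name or resolved path fails validation.
class UnsafePathError < ArgumentError; end

# Accept only a single plain path component. A NUL byte is rejected first
# because C-level path handling stops at it, silently truncating the name.
def safe_name!(name)
  s = name.to_s
  raise UnsafePathError, 'NUL byte in name' if s.include?("\0")
  raise UnsafePathError, 'empty name' if s.empty?
  if s.include?('/') || s.include?('\\') || s == '.' || s == '..'
    raise UnsafePathError, 'separator or traversal in name'
  end
  s
end

# True when path (resolved as far as it exists) lies inside root.
# Symlinks are resolved so that a link pointing outside root is caught.
def within_root?(root, path)
  root_real = Pathname.new(root).realpath
  target = Pathname.new(path).expand_path(root_real)
  target = target.realpath if target.exist?
  target.to_s == root_real.to_s ||
    target.to_s.start_with?(root_real.to_s + File::SEPARATOR)
end

# Create a scratch directory for an untrusted prefix under root, applying
# the name check before Dir.mktmpdir and the containment check after it.
def make_scratch_dir(root, untrusted_prefix)
  prefix = safe_name!(untrusted_prefix)
  dir = Dir.mktmpdir(prefix, root)
  raise UnsafePathError, 'escaped root' unless within_root?(root, dir)
  dir
end

# Constructed sample names of the kind items 66, 69 and 70 describe.
if __FILE__ == $PROGRAM_NAME
  ["job42", "../etc", "sock\0ignored", "a/b"].each do |name|
    begin
      puts "#{name.inspect}: ok -> #{safe_name!(name)}"
    rescue UnsafePathError => e
      puts "#{name.inspect}: rejected (#{e.message})"
    end
  end
end
```

The containment check is kept separate from the name check on purpose: the name check stops the obvious traversal and NUL cases up front, while within_root? catches anything the library itself might do with the prefix, so a fix in the library is not the only line of defence.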

71) Improper input validation (CVE-ID: CVE-2017-0898)

The vulnerability allows a remote attacker to cause DoS condition or obtain potentially sensitive information on the target system.

The weakness exists due to buffer underrun in the Kernel.sprintf() method. A remote attacker can provide a specially crafted format string value to cause the target interpreter to crash or potentially access data from the heap.

Successful exploitation of the vulnerability results in information disclosure or denial of service.

Remediation

Install the update from the vendor's website.