Multiple vulnerabilities in Apple macOS



Published: 2018-10-31 | Updated: 2023-02-02
Risk: High
Patch available: Yes
Number of vulnerabilities: 71
CVE-ID:
CVE-2017-10784
CVE-2017-12613
CVE-2017-12618
CVE-2017-14033
CVE-2017-14064
CVE-2017-17405
CVE-2017-17742
CVE-2018-3639
CVE-2018-3640
CVE-2018-3646
CVE-2018-4126
CVE-2018-4153
CVE-2018-4203
CVE-2018-4242
CVE-2018-4259
CVE-2018-4286
CVE-2018-4287
CVE-2018-4288
CVE-2018-4291
CVE-2018-4295
CVE-2018-4304
CVE-2018-4308
CVE-2018-4310
CVE-2018-4326
CVE-2018-4331
CVE-2018-4334
CVE-2018-4340
CVE-2018-4341
CVE-2018-4342
CVE-2018-4346
CVE-2018-4348
CVE-2018-4350
CVE-2018-4354
CVE-2018-4368
CVE-2018-4369
CVE-2018-4371
CVE-2018-4389
CVE-2018-4393
CVE-2018-4394
CVE-2018-4395
CVE-2018-4396
CVE-2018-4398
CVE-2018-4399
CVE-2018-4400
CVE-2018-4401
CVE-2018-4402
CVE-2018-4403
CVE-2018-4406
CVE-2018-4407
CVE-2018-4408
CVE-2018-4410
CVE-2018-4411
CVE-2018-4412
CVE-2018-4413
CVE-2018-4415
CVE-2018-4417
CVE-2018-4418
CVE-2018-4419
CVE-2018-4420
CVE-2018-4422
CVE-2018-4423
CVE-2018-4424
CVE-2018-4425
CVE-2018-4426
CVE-2018-6797
CVE-2018-6914
CVE-2018-8777
CVE-2018-8778
CVE-2018-8779
CVE-2018-8780
CVE-2017-0898
CWE-ID:
CWE-200
CWE-20
CWE-77
CWE-113
CWE-362
CWE-119
CWE-125
CWE-265
CWE-16
CWE-401
CWE-451
CWE-122
CWE-120
CWE-22
CWE-400
CWE-626
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #6 is available.
Public exploit code for vulnerability #25 is available.
Public exploit code for vulnerability #49 is available.
Vulnerable software: macOS (Operating systems & Components / Operating system)

Vendor: Apple Inc.

Security Bulletin

This security bulletin contains information about 71 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU8448

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10784

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition or obtain potentially sensitive information on the target system.

The weakness exists due to an escape sequence injection vulnerability in the Basic authentication of WEBrick. A remote attacker can supply a specially crafted user name value to the WEBrick Basic authentication function, inject escape sequences into the log file and view log contents.

Successful exploitation of the vulnerability results in information disclosure or denial of service.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU9477

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12613

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an out-of-bounds array dereference in the apr_time_exp_get() function. A remote attacker can access prior out-of-bounds memory, reveal the contents of a different static heap value and read arbitrary files or cause the application to crash.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU15618

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12618

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an out-of-bounds array dereference in the apr_time_exp_get() function. A remote attacker can access prior out-of-bounds memory, reveal the contents of a different static heap value and read arbitrary files or cause the application to crash.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU8449

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-14033

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a buffer underrun. A remote attacker can provide a specially crafted string to the OpenSSL::ASN1 decode function to cause the target interpreter to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU8123

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-14064

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an issue with the use of strdup in ext/json/ext/generator/generator.c during a JSON generate call. A remote attacker can send a specially crafted request that causes strdup to stop after encountering a '\0' byte and return a pointer to a string of length zero, which is not the length stored in space_len, and thereby expose arbitrary memory.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Command injection

EUVDB-ID: #VU9718

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-17405

CWE-ID: CWE-77 - Command injection

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists due to flaws in Net::FTP. A remote attacker can inject and execute arbitrary commands with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) HTTP response splitting

EUVDB-ID: #VU11537

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17742

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform an HTTP response splitting attack.

The weakness exists due to improper handling of HTTP requests. If a script accepts external input and outputs it without modification as part of an HTTP response, a remote attacker can use newline characters to make the victim treat the HTTP response header as ending at that point, and inject fake HTTP responses after the newline characters to show malicious content to the victim.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Speculative Store Bypass

EUVDB-ID: #VU12911

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3639

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.

Note: the vulnerability is referred to as "Spectre variant 4".

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Rogue System Register Read

EUVDB-ID: #VU12914

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3640

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative loading of system registers to read privileged system registers.

Note: the vulnerability is referred to as "Spectre variant 3A".

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Side-channel attack

EUVDB-ID: #VU14412

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3646

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations. An adjacent attacker with guest OS privilege can trigger a terminal page fault, conduct a side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory corruption

EUVDB-ID: #VU15588

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4126

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the CFNetwork component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU15623

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4153

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject an arbitrary file on the target system.

The weakness exists due to an error in the CUPS component when handling malicious input. A remote attacker can supply a specially crafted input to replace the message content from the print server with arbitrary content.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU15639

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4203

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an out-of-bounds read in the Symptom Framework component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and read restricted memory.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory corruption

EUVDB-ID: #VU13148

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4242

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a boundary error in the Hypervisor component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory corruption

EUVDB-ID: #VU15602

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4259

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory corruption

EUVDB-ID: #VU15603

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4286

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory corruption

EUVDB-ID: #VU15604

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4287

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Memory corruption

EUVDB-ID: #VU15605

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4288

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory corruption

EUVDB-ID: #VU15606

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4291

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Security restrictions bypass

EUVDB-ID: #VU15616

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4295

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error in the afpserver component when handling malicious input. A remote attacker can supply a specially crafted input to bypass security restrictions and attack AFP servers through HTTP clients.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU15611

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4304

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the Foundation component when processing malicious input. A remote attacker can supply a specially crafted text file and cause the service to crash.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds read

EUVDB-ID: #VU15620

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4308

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the ATS component when handling malicious input. A local attacker can run a specially crafted application, trigger an out-of-bounds read and read restricted memory.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Security restrictions bypass

EUVDB-ID: #VU15636

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4310

CWE-ID: CWE-265 - Privilege / Sandbox Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error in the MediaRemote component. A remote attacker can run a sandboxed process to circumvent sandbox restrictions.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Memory corruption

EUVDB-ID: #VU15608

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4326

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the mDNSOffloadUserClient component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Memory corruption

EUVDB-ID: #VU15591

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-4331

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the Heimdal component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

26) Memory corruption

EUVDB-ID: #VU15592

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4334

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the Intel Graphics Driver component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Memory corruption

EUVDB-ID: #VU15599

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4340

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the Kernel component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Security restrictions bypass

EUVDB-ID: #VU15631

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4341

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to a boundary error in the IOKit component. A local attacker can run a specially crafted application to bypass security restrictions and break out of its sandbox.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Security restrictions bypass

EUVDB-ID: #VU15627

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4342

CWE-ID: CWE-16 - Configuration

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to an error in the EFI component during configuration. A local attacker can bypass security restrictions and modify protected parts of the file system.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.13.6 17G66 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Information disclosure

EUVDB-ID: #VU15624

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4346

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the Dictionary component when handling malicious input. A remote attacker can supply a specially crafted dictionary file to read restricted memory.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU15612

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4348

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the Login Window component when handling malicious input. A local attacker can supply specially crafted input and cause the service to crash.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory corruption

EUVDB-ID: #VU15593

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4350

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the Intel Graphics Driver component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Security restrictions bypass

EUVDB-ID: #VU15632

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4354

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to a boundary error in the IOKit component. A local attacker can run a specially crafted application to bypass security restrictions and break out of its sandbox.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU15615

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4368

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the WiFi component when handling malicious input. A remote attacker can supply specially crafted input and cause the service to crash.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Memory leak

EUVDB-ID: #VU15638

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4369

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a memory leak in the NetworkExtension component. A remote attacker can connect to a VPN server and access DNS queries from a DNS proxy.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.13.6 17G66 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU15633

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4371

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an out-of-bounds read in the IPSec component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Spoofing attack

EUVDB-ID: #VU15637

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4389

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a spoofing attack on the target system.

The weakness exists due to improper state management in MediaRemote, leading to an inconsistent user interface. A remote attacker can send a specially crafted mail message and spoof the UI.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Memory corruption

EUVDB-ID: #VU15609

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4393

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the Spotlight component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Heap-based buffer overflow

EUVDB-ID: #VU15628

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4394

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition or execute arbitrary code on the target system.

The weakness exists due to a boundary error in the ICU component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted string, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU15614

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4395

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the Security component when handling malicious input. A local attacker can supply specially crafted input and cause the service to crash.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Information disclosure

EUVDB-ID: #VU15629

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4396

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the Intel Graphics Driver component when handling malicious input. A local attacker can run a specially crafted application and read restricted memory.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Information disclosure

EUVDB-ID: #VU15621

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4398

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the Miller-Rabin primality test. A remote attacker can incorrectly identify prime numbers.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Information disclosure

EUVDB-ID: #VU15634

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4399

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the Kernel component when handling API calls. A local attacker can run a specially crafted application and read restricted memory.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper input validation

EUVDB-ID: #VU15613

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4400

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the Security component when processing malicious input. A remote attacker can supply a specially crafted S/MIME signed message and cause the service to crash.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Memory corruption

EUVDB-ID: #VU15597

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4401

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the IOUserEthernet component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Memory corruption

EUVDB-ID: #VU15596

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4402

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the IOKit component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Information disclosure

EUVDB-ID: #VU15625

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4403

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the Dock component when handling malicious input. A local attacker can run a specially crafted application and read restricted memory.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper input validation

EUVDB-ID: #VU15610

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4406

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the CUPS component when handling malicious input. A remote attacker can supply specially crafted input and cause the service to crash.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Memory corruption

EUVDB-ID: #VU15607

Risk: High

CVSSv3.1: 7.6 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-4407

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

50) Memory corruption

EUVDB-ID: #VU15595

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4408

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the IOHIDFamily component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Memory corruption

EUVDB-ID: #VU15587

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4410

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the AppleGraphicsControl component when handling malicious input. A remote attacker can trick the victim into processing specially crafted input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Memory corruption

EUVDB-ID: #VU15619

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4411

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the ATS component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Memory corruption

EUVDB-ID: #VU15622

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4412

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the CoreFoundation component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Information disclosure

EUVDB-ID: #VU15635

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4413

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a boundary error in the Kernel component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and read restricted memory.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Memory corruption

EUVDB-ID: #VU15589

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4415

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the CoreAnimation component when handling malicious input. A remote attacker can trick the victim into processing specially crafted input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Information disclosure

EUVDB-ID: #VU15617

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4417

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the AppleGraphicsControl component when handling malicious input. A remote attacker can supply specially crafted input to read restricted memory.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Information disclosure

EUVDB-ID: #VU15630

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4418

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the Intel Graphics Driver component when handling malicious input. A local attacker can run a specially crafted application and read restricted memory.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Memory corruption

EUVDB-ID: #VU15600

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4419

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the Kernel component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Memory corruption

EUVDB-ID: #VU15598

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4420

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the Kernel component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Memory corruption

EUVDB-ID: #VU15594

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4422

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the IOGraphics component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Memory corruption

EUVDB-ID: #VU15626

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4423

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the dyld component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Buffer overflow

EUVDB-ID: #VU15640

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4424

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Memory corruption

EUVDB-ID: #VU15601

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4425

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the Kernel component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.14 18A391

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Memory corruption

EUVDB-ID: #VU15590

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4426

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the Grand Central Dispatch component when handling malicious input. A remote attacker can trick the victim into processing specially crafted input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Heap-based buffer overflow

EUVDB-ID: #VU11833

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6797

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition or execute arbitrary code on the target system.

The weakness exists in S_regatom() in 'regcomp.c' due to a heap-based buffer overflow. A local attacker can supply a specially crafted regular expression, trigger memory corruption and cause the service to crash or run Perl code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Path traversal

EUVDB-ID: #VU11538

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6914

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to write arbitrary files on the target system.

The weakness exists in the Dir.mktmpdir method in the tmpdir library due to path traversal. A remote attacker who controls the prefix argument can create a directory or a file in any directory.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Resource exhaustion

EUVDB-ID: #VU11539

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8777

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the handling of large requests in WEBrick. A remote attacker can send a large HTTP request with a crafted header to a WEBrick server, or a crafted body to a WEBrick server/handler, and cause the service to crash.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Buffer under-read

EUVDB-ID: #VU11540

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8778

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the String#unpack method due to a buffer under-read. A remote attacker can gain access to potentially sensitive information.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Poison null byte

EUVDB-ID: #VU11541

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8779

CWE-ID: CWE-626 - Null Byte Interaction Error (Poison Null Byte)

Exploit availability: No

Description

The vulnerability allows a remote attacker to write arbitrary files on the target system.

The weakness exists in the UNIXServer.open and UNIXSocket.open methods due to improper checking of null characters. A remote attacker can cause the socket file to be accepted at an unintended path.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Path traversal

EUVDB-ID: #VU11542

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8780

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the Dir.open, Dir.new, Dir.entries and Dir.empty? methods due to improper checking of NULL characters. A remote attacker can trigger unintended directory traversal.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
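For Ruby code that passes untrusted input to the methods named in items 66, 69 and 70, the checks below reject NUL bytes and traversal sequences before the call is made. This is an added example, not code from this bulletin, Apple or the Ruby project; the helper names (reject_nul, safe_tmp_prefix, safe_mktmpdir), the allowlist pattern and the sample inputs are assumptions, and it complements rather than replaces the update.

```ruby
require "tmpdir"

# Hypothetical error type for this example.
class UnsafePathError < ArgumentError; end

# Reject any path containing a NUL byte before it reaches Dir.open,
# Dir.entries, UNIXServer.open or UNIXSocket.open. Affected runtimes
# treated the path as ending at the first NUL.
def reject_nul(path)
  s = String(path)
  raise UnsafePathError, "NUL byte in path" if s.include?("\0")
  s
end

# Allowlist for a Dir.mktmpdir prefix taken from untrusted input:
# no separators, no dots, no NUL, bounded length (assumed policy).
def safe_tmp_prefix(prefix)
  s = reject_nul(prefix)
  unless s.match?(/\A[A-Za-z0-9_-]{1,32}\z/)
    raise UnsafePathError, "prefix not allowed: #{s.inspect}"
  end
  s
end

# Create the directory, then confirm it really sits directly under
# the intended base once symlinks are resolved.
def safe_mktmpdir(prefix, base = Dir.tmpdir)
  dir = Dir.mktmpdir(safe_tmp_prefix(prefix), base)
  real_base = File.realpath(base)
  real_dir = File.realpath(dir)
  unless File.dirname(real_dir) == real_base
    Dir.rmdir(dir)
    raise UnsafePathError, "temporary directory escaped #{real_base}"
  end
  real_dir
end
```

Patched Ruby versions raise ArgumentError themselves when these methods receive a NUL byte; the explicit check keeps the behaviour the same on runtimes that have not yet been updated.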

71) Improper input validation

EUVDB-ID: #VU8447

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0898

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition or obtain potentially sensitive information on the target system.

The weakness exists due to a buffer underrun in the Kernel.sprintf() method. A remote attacker can provide a specially crafted format string value to cause the target interpreter to crash or potentially access data from the heap.

Successful exploitation of the vulnerability results in information disclosure or denial of service.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


