Multiple vulnerabilities in Apple MacOS

Published: 2018-12-06 12:22:54 | Updated: 2018-12-06
Severity High
Patch available YES
Number of vulnerabilities 13
CVE ID CVE-2018-4462
CVE-2018-4463
CVE-2018-4434
CVE-2018-4449
CVE-2018-4450
CVE-2018-4461
CVE-2018-4435
CVE-2018-4447
CVE-2018-4431
CVE-2018-4460
CVE-2018-4427
CVE-2018-4465
CVE-2018-4303
CVSSv3 2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
6.2 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-20
CWE-119
CWE-125
CWE-264
CWE-200
CWE-843
Exploitation vector Network
Public exploit N/A
Vulnerable software macOS
Vulnerable software versions macOS 10.14.1
macOS 10.13.6
macOS 10.12.6
Vendor URL Apple Inc.

Security Advisory

1) Information disclosure

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to insufficient input validation in the AMD component. A local attacker can supply specially crafted files and read restricted memory.

Remediation

Update to version 10.14.2.

External links

https://support.apple.com/en-us/HT209341

2) Memory corruption

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in the Carbon Core component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 10.14.2.

External links

https://support.apple.com/en-us/HT209341

3) Out-of-bounds read

Description

The vulnerability allows a local attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The weakness exists due to insufficient input validation in the Intel Graphics Driver component. A local attacker can supply specially crafted files, trigger out-of-bounds read condition and cause unexpected system termination or read kernel memory.

Remediation

Update to version 10.14.2.

External links

https://support.apple.com/en-us/HT209341

4) Memory corruption

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in the WindowServer component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 10.14.2.

External links

https://support.apple.com/en-us/HT209341

5) Memory corruption

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in the WindowServer component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 10.14.2.

External links

https://support.apple.com/en-us/HT209341

6) Memory corruption

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in the Kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 10.14.2.

External links

https://support.apple.com/en-us/HT209341

7) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a logic issue in the Kernel component. A local attacker can run a specially crafted application and gain elevated privileges.

Remediation

Update to version 10.14.2.

External links

https://support.apple.com/en-us/HT209341

8) Memory corruption

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in the Kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 10.14.2.

External links

https://support.apple.com/en-us/HT209341

9) Information disclosure

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a boundary error in the Kernel component. A local attacker can trigger memory corruption and read kernel memory.

Remediation

Update to version 10.14.2.

External links

https://support.apple.com/en-us/HT209341

10) Denial of service

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the Kernel component. A local attacker can conduct DoS attack and cause the device to crash.

Remediation

Update to version 10.14.2.

External links

https://support.apple.com/en-us/HT209341

11) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in IOHIDFamily component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted input, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 10.14.2.

External links

https://support.apple.com/en-us/HT209341

12) Memory corruption

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in the Disk Images component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 10.14.2.

External links

https://support.apple.com/en-us/HT209341

13) Type confusion

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to type confusion in the Airport component. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

Remediation

Update to version 10.14.2.

External links

https://support.apple.com/en-us/HT209341

Back to List