SB2018033101 - Multiple vulnerabilities in Apple macOS 




Published: March 31, 2018

Security Bulletin ID: SB2018033101
Severity: High
Patch available: YES
Number of vulnerabilities: 34
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 3% Medium 3% Low 94%

Description

This security bulletin contains information about 34 security vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2017-13890)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an input validation flaw. A remote attacker can create specially crafted HTML that, when loaded by the target user, will exploit a logic error in the CoreTypes component and cause a disk image to be mounted on the target user's system.

2) Buffer overflow (CVE-ID: CVE-2017-8816)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a buffer overflow in the NTLM authentication process. A remote unauthenticated attacker can use vectors involving long user and password fields, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.


3) Information disclosure (CVE-ID: CVE-2018-4104)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an input validation flaw in the kernel component. A local attacker can run a specially crafted application and read restricted memory.

4) Information disclosure (CVE-ID: CVE-2018-4105)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because an APFS volume password may be unexpectedly truncated due to an input validation flaw. A remote attacker can send a specially crafted input and access arbitrary data.

5) Command injection (CVE-ID: CVE-2018-4106)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists due to an input validation flaw in the Terminal component. A remote attacker can use the Bracketed Paste Mode to inject and execute arbitrary commands.

6) Open redirect (CVE-ID: CVE-2018-4107)

The vulnerability allows a remote unauthenticated attacker to redirect the target user to external websites.

The weakness exists due to improper validation of user-supplied input. A remote attacker can use a specially crafted image link, trick the victim into opening it and redirect users to malicious websites.

7) Information disclosure (CVE-ID: CVE-2018-4108)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because an APFS volume password may be unexpectedly truncated due to an input validation flaw. A remote attacker can send a specially crafted input and access arbitrary data.

8) Information disclosure (CVE-ID: CVE-2018-4111)

The vulnerability allows a remote low-privileged attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper access control. A remote attacker can obtain the contents of S/MIME-encrypted e-mail.

9) Information disclosure (CVE-ID: CVE-2018-4112)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an input validation flaw. A remote attacker can trick the victim into opening a specially crafted input, trigger a symlink handling bug in the ATS component and obtain potentially sensitive information.

10) Security restrictions bypass (CVE-ID: CVE-2018-4115)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because the system may use a configuration profile that has been removed. A remote attacker can bypass security restrictions.

11) Security restrictions bypass (CVE-ID: CVE-2018-4131)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to a state management flaw in the WindowServer component. A remote attacker can bypass security restrictions and log keystrokes entered into other applications when secure input mode is enabled.

12) Memory corruption (CVE-ID: CVE-2018-4132)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the Intel Graphics Driver component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with system privileges.

13) Memory corruption (CVE-ID: CVE-2018-4135)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the IOFireWireFamily component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

14) Out-of-bounds read (CVE-ID: CVE-2018-4136)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds memory read error in the kernel. A local attacker can run a specially crafted application and cause the system to crash.

15) Information disclosure (CVE-ID: CVE-2018-4138)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an input validation flaw in the NVIDIA Graphics Drivers component. A local attacker can run a specially crafted application and read restricted memory.

16) Memory corruption (CVE-ID: CVE-2018-4139)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the kext tools component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with system privileges.

17) Memory corruption (CVE-ID: CVE-2018-4142)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a boundary error in the CoreText component. A remote attacker can trigger memory corruption and cause the system to crash.

18) Memory corruption (CVE-ID: CVE-2018-4143)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

19) Buffer overflow (CVE-ID: CVE-2018-4144)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a buffer overflow in the Security component. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

20) Memory corruption (CVE-ID: CVE-2018-4150)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

21) Race condition (CVE-ID: CVE-2018-4151)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in the iCloud Drive component. A local attacker can run a specially crafted application and gain elevated privileges.

22) Race condition (CVE-ID: CVE-2018-4152)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in the Notes component. A local attacker can run a specially crafted application, trigger memory corruption and gain system privileges.

23) Race condition (CVE-ID: CVE-2018-4154)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in the Storage component. A local attacker can run a specially crafted application and gain elevated privileges.

24) Race condition (CVE-ID: CVE-2018-4155)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to a race condition in the CoreFoundation component. A local attacker can run a specially crafted application and cause the system to crash.

25) Race condition (CVE-ID: CVE-2018-4156)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in the PluginKit component. A local attacker can run a specially crafted application and gain elevated privileges.

26) Race condition (CVE-ID: CVE-2018-4157)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in the Quick Look component. A local attacker can run a specially crafted application and gain elevated privileges.

27) Race condition (CVE-ID: CVE-2018-4158)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to a race condition in the CoreFoundation component. A local attacker can run a specially crafted application and cause the system to crash.

28) Out-of-bounds read (CVE-ID: CVE-2018-4160)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds memory read error in the kernel. A local attacker can run a specially crafted application and cause the system to crash.

29) Race condition (CVE-ID: CVE-2018-4166)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in the NSURLSession component. A local attacker can run a specially crafted application and gain elevated privileges.

30) Race condition (CVE-ID: CVE-2018-4167)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in the File System Events component. A local attacker can run a specially crafted application and gain elevated privileges.

31) Information disclosure (CVE-ID: CVE-2018-4170)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an unspecified flaw in the Admin Framework. A local attacker can view passwords supplied to 'sysadminctl' via the command line.

32) Information disclosure (CVE-ID: CVE-2018-4174)

The vulnerability allows a remote low-privileged attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a user interface flaw in the Mail component. A remote attacker can obtain the contents of S/MIME-encrypted e-mail.

33) Security restrictions bypass (CVE-ID: CVE-2018-4175)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to a logic error in the LaunchServices component. A local attacker can run a specially crafted application and bypass code signing enforcement.

34) Security restrictions bypass (CVE-ID: CVE-2018-4176)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an input validation flaw. A remote attacker can create a specially crafted image that, when loaded by the target user, will trigger a logic error in the Disk Images component to cause an application to launch on the target user's system.

Remediation

Install the update from the vendor's website.