SB2018060408 - Multiple vulnerabilities in Apple watchOS

Published: June 4, 2018 Updated: April 1, 2024

Security Bulletin ID: SB2018060408
Severity: High
Patch available: YES
Number of vulnerabilities: 21
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

  • High: 33%
  • Medium: 14%
  • Low: 52%

Description

This security bulletin contains information about 21 security vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2018-4206)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the Crash Reporter component. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

2) Memory corruption (CVE-ID: CVE-2018-4211)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the FontParser component. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Buffer overflow (CVE-ID: CVE-2018-4241)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a buffer overflow in the kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


4) Buffer overflow (CVE-ID: CVE-2018-4243)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a buffer overflow in the kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


5) Improper input validation (CVE-ID: CVE-2018-4249)

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The vulnerability exists due to an unspecified validation flaw in the kernel component. A remote attacker can supply specially crafted content and cause the service to crash.


6) Privilege escalation (CVE-ID: CVE-2018-4237)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a logic error in the libxpc component. A local attacker can run a specially crafted application and gain elevated privileges.


7) Improper input validation (CVE-ID: CVE-2018-4235)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The vulnerability exists due to an input validation flaw in the Messages component. A local attacker can supply specially crafted content, bypass security restrictions and conduct impersonation attacks.


8) Improper input validation (CVE-ID: CVE-2018-4240)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted message and cause the service to crash.


9) Information disclosure (CVE-ID: CVE-2018-4224)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to a state management error in the Security component. A local attacker can read a persistent account identifier.


10) Security restrictions bypass (CVE-ID: CVE-2018-4225)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The vulnerability exists due to a state management error in the Security component. A local attacker can bypass security restrictions and modify the state of the Keychain.


11) Information disclosure (CVE-ID: CVE-2018-4223)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to a state management error in the Security component. A local attacker can read a persistent account identifier.


12) Information disclosure (CVE-ID: CVE-2018-4226)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to a state management error in the Security component. A local attacker can view sensitive user information.


13) Improper input validation (CVE-ID: CVE-2018-4198)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a flaw in the UIKit component. A remote attacker can trick the victim into loading a specially crafted text file and cause the service to crash.


14) Race condition (CVE-ID: CVE-2018-4192)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a race condition in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


15) Memory corruption (CVE-ID: CVE-2018-4214)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into loading specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


16) Type confusion (CVE-ID: CVE-2018-4246)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


17) Memory corruption (CVE-ID: CVE-2018-4201)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into loading specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


18) Memory corruption (CVE-ID: CVE-2018-4218)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into loading specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


19) Memory corruption (CVE-ID: CVE-2018-4233)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into loading specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


20) Out-of-bounds read (CVE-ID: CVE-2018-4222)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to an out-of-bounds read error in WebKit. A remote unauthenticated attacker can trick the victim into loading specially crafted content, trigger memory corruption and cause the service to crash.


21) Man-in-the-middle attack (CVE-ID: CVE-2018-5383)

The vulnerability allows an adjacent attacker to conduct a man-in-the-middle attack on the target system.

The weakness exists in the Bluetooth Low Energy (BLE) implementation of Secure Connections mode due to insufficient validation of the elliptic curve parameters used to generate public keys during the Diffie-Hellman key exchange performed when the affected software pairs with another device. An adjacent attacker can intercept the public key exchange between the two targeted systems, inject a malicious public key to aid in determining the session key, access sensitive information, or forge and modify messages, which could be used to inject malicious software on the targeted system.


Remediation

Install the update from the vendor's website.