SB2018060411 - Multiple vulnerabilities in Apple iOS

Published: June 4, 2018 Updated: April 1, 2024

Security Bulletin ID: SB2018060411
Severity: High
Patch available: Yes
Number of vulnerabilities: 36
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 25%, Medium: 8%, Low: 67%

Description

This security bulletin contains information about 36 security vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2018-4215)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a buffer overflow in the Bluetooth component. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.


2) Resource exhaustion (CVE-ID: CVE-2018-4100)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an input validation flaw in the LinkPresentation component. A remote attacker can send a specially crafted text message, exhaust available resources and crash the application.

3) Memory corruption (CVE-ID: CVE-2018-4211)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the FontParser component when parsing font data. A remote attacker can trick the victim into loading a specially crafted font, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Spoofing attack (CVE-ID: CVE-2018-4202)

The vulnerability allows a remote attacker to conduct a spoofing attack on the target system.

The vulnerability exists due to an input validation flaw in the iBooks component. A remote attacker can supply specially crafted content and spoof password prompts.


5) Buffer overflow (CVE-ID: CVE-2018-4241)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a buffer overflow in the kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


6) Buffer overflow (CVE-ID: CVE-2018-4243)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a buffer overflow in the kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


7) Improper input validation (CVE-ID: CVE-2018-4249)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an unspecified validation flaw in the kernel component. A remote attacker can supply specially crafted content and crash the service.


8) Privilege escalation (CVE-ID: CVE-2018-4237)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a logic error in the libxpc component. A local attacker can run a specially crafted application and gain elevated privileges.


9) Security restrictions bypass (CVE-ID: CVE-2018-4239)

The vulnerability allows an attacker with physical access to the device to bypass security restrictions.

The vulnerability exists due to a permissions error in the Magnifier component. An attacker with physical access to the device can bypass the lock screen restrictions and view the last image used in Magnifier.


10) Information disclosure (CVE-ID: CVE-2018-4227)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to a flaw in the Mail component when processing S/MIME-encrypted email. A remote attacker can exfiltrate the decrypted contents of S/MIME-encrypted messages.


11) Improper input validation (CVE-ID: CVE-2018-4235)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The vulnerability exists due to an input validation flaw in the Messages component. A local attacker can supply specially crafted content, bypass security restrictions and conduct impersonation attacks.


12) Improper input validation (CVE-ID: CVE-2018-4240)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted message and crash the service.


13) Improper input validation (CVE-ID: CVE-2018-4250)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to a validation flaw in the Messages component. A remote attacker can send a specially crafted message and crash the service.


14) Improper input validation (CVE-ID: CVE-2018-4247)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to improper validation of user-supplied input. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website and crash the service.


15) Man-in-the-middle attack (CVE-ID: CVE-2018-4221)

The vulnerability allows a remote attacker to conduct a man-in-the-middle attack on the target system.

The vulnerability exists due to a flaw in the Security component in the handling of S/MIME client certificates. A remote attacker in a privileged network position can intercept the communication channel between the affected application and the server and use the client certificate to track the target user.


16) Information disclosure (CVE-ID: CVE-2018-4223)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to a state management error in the Security component. A local attacker can read a persistent account identifier.


17) Information disclosure (CVE-ID: CVE-2018-4224)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to a state management error in the Security component. A local attacker can read a persistent account identifier.


18) Security restrictions bypass (CVE-ID: CVE-2018-4225)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The vulnerability exists due to a state management error in the Security component. A local attacker can bypass security restrictions and modify the state of the Keychain.


19) Information disclosure (CVE-ID: CVE-2018-4226)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to a state management error in the Security component. A local attacker can view sensitive user information.


20) Security restrictions bypass (CVE-ID: CVE-2018-4238)

The vulnerability allows an attacker with physical access to the device to bypass security restrictions.

The vulnerability exists due to a permissions error in the Siri component. An attacker with physical access to the device can bypass security restrictions and enable Siri from the lock screen.


21) Security restrictions bypass (CVE-ID: CVE-2018-4252)

The vulnerability allows an attacker with physical access to the device to obtain potentially sensitive information.

The vulnerability exists due to a permissions error in the Siri component. An attacker with physical access to the device can bypass security restrictions and read the content of notifications that are configured not to be displayed on the lock screen.


22) Security restrictions bypass (CVE-ID: CVE-2018-4244)

The vulnerability allows an attacker with physical access to the device to obtain potentially sensitive information.

The vulnerability exists due to a permissions error in the Siri Contacts component. An attacker with physical access to the device can bypass security restrictions and view private contact information.


23) Improper input validation (CVE-ID: CVE-2018-4198)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to a flaw in the UIKit component. A remote attacker can trick the victim into loading a specially crafted text file and crash the service.


24) Spoofing attack (CVE-ID: CVE-2018-4188)

The vulnerability allows a remote attacker to conduct a spoofing attack on the target system.

The vulnerability exists due to a flaw in the WebKit component. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website and spoof the address bar.


25) Memory corruption (CVE-ID: CVE-2018-4201)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into loading specially crafted web content, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


26) Memory corruption (CVE-ID: CVE-2018-4218)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into loading specially crafted web content, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


27) Memory corruption (CVE-ID: CVE-2018-4233)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into loading specially crafted web content, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


28) Buffer overflow (CVE-ID: CVE-2018-4199)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a buffer overflow in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into loading specially crafted web content, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


29) Improper input validation (CVE-ID: CVE-2018-4232)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and overwrite cookies belonging to other sites.


30) Race condition (CVE-ID: CVE-2018-4192)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a race condition in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


31) Memory corruption (CVE-ID: CVE-2018-4214)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into loading specially crafted web content, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


32) Memory corruption (CVE-ID: CVE-2018-4204)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into loading specially crafted web content, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


33) Type confusion (CVE-ID: CVE-2018-4246)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in the WebKit component when handling malicious input. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


34) Information disclosure (CVE-ID: CVE-2018-4190)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to a flaw in the WebKit component: credentials are unexpectedly sent when fetching CSS mask images. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website that loads CSS mask images and obtain the target user's credentials.


35) Out-of-bounds read (CVE-ID: CVE-2018-4222)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an out-of-bounds read error in the WebKit component. A remote unauthenticated attacker can trick the victim into loading specially crafted web content, trigger memory corruption and crash the service.


36) Man-in-the-middle attack (CVE-ID: CVE-2018-5383)

The vulnerability allows an attacker within Bluetooth radio range to conduct a man-in-the-middle attack on the target system.

The vulnerability exists due to insufficient validation of the elliptic curve parameters used to generate public keys during the Diffie-Hellman key exchange in the Bluetooth Low Energy (BLE) Secure Connections pairing mode. An attacker within radio range can intercept the public key exchange between the two pairing devices and inject a malicious public key that is not a valid point on the curve. This lets the attacker determine the resulting session key, access sensitive information, and forge or modify messages, which could be used to inject malicious software onto the targeted system.
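The check that item 36 describes as missing, as an added example that is not Apple's or the Bluetooth SIG's code: a minimal pure-Python model of ECDH over P-256 (the curve LE Secure Connections uses), with a responder that validates the peer's public key beside one that does not. The private keys, the responder functions and the forgery helper are constructed for the demonstration and are assumptions, not anything taken from the bulletin; the arithmetic is variable-time and meant only to show the mechanism.

```python
# Added example: why an ECDH peer public key must be validated before use.
# Pure-Python, variable-time P-256 arithmetic for illustration only.

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
G = (GX, GY)
INF = None  # point at infinity


def is_on_curve(pt):
    """Public-key validation: reject infinity, out-of-range coordinates and any
    point that does not satisfy y^2 = x^3 + A*x + B. P-256 has prime order, so
    every finite point on the curve already has full order; no cofactor check."""
    if pt is INF:
        return False
    x, y = pt
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine addition. The formulas never use B, so a point that is not on
    P-256 is silently processed as if it lay on some other curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF  # p1 == -p2; also covers doubling a point with y == 0
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def dhkey_unchecked(priv, peer_pub):
    """Hypothetical responder that trusts whatever public key arrives (the flaw)."""
    return scalar_mult(priv, peer_pub)


def dhkey_checked(priv, peer_pub):
    """Hypothetical responder that validates the peer key before using it."""
    if not is_on_curve(peer_pub):
        raise ValueError("peer public key is not a valid P-256 point")
    return scalar_mult(priv, peer_pub)


def forge_fixed_coordinate(peer_pub):
    """Attacker in the middle keeps the genuine x coordinate and replaces y with 0.
    (x, 0) is not on P-256, but it has order 2 on the curve with the same A and
    a different B, so k * (x, 0) is INF for even k and (x, 0) for odd k: the
    victim's 'secret' then depends only on the parity of its private key."""
    x, _ = peer_pub
    return (x, 0)


# Constructed private keys for the demonstration (never use fixed keys in practice).
ALICE_PRIV = 0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f708192a3b4c5d6e7f809  # odd
BOB_PRIV = 0x0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0  # even


def demo():
    alice_pub = scalar_mult(ALICE_PRIV, G)
    bob_pub = scalar_mult(BOB_PRIV, G)
    honest_ok = dhkey_checked(ALICE_PRIV, bob_pub) == dhkey_checked(BOB_PRIV, alice_pub)
    alice_sees = forge_fixed_coordinate(bob_pub)  # what the attacker forwards to Alice
    bob_sees = forge_fixed_coordinate(alice_pub)  # what the attacker forwards to Bob
    alice_key = dhkey_unchecked(ALICE_PRIV, alice_sees)  # odd key -> the injected point
    bob_key = dhkey_unchecked(BOB_PRIV, bob_sees)  # even key -> point at infinity
    try:
        dhkey_checked(ALICE_PRIV, alice_sees)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "honest_ok": honest_ok,
        "alice_key_is_injected_point": alice_key == alice_sees,
        "bob_key_is_infinity": bob_key is INF,
        "validation_rejects_forgery": rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The curve-equation test in `is_on_curve` is the whole fix: it costs a handful of field operations and turns the forged point into a hard pairing failure instead of a key the attacker can predict from the parity of the victim's private key. In production use a vetted library's point validation rather than this illustration, and make sure the check runs on every received key, not only on the first pairing attempt.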


Remediation

Install the update from the vendor's website.