SB2018071005 - Multiple vulnerabilities in Apple macOS Sierra
Published: July 10, 2018 Updated: April 1, 2024
Description
This security bulletin contains information about 12 security vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2018-4268)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a boundary error in the APFS component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Type confusion (CVE-ID: CVE-2018-4285)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a type confusion error. A local attacker can use a specially crafted application, trigger memory corruption and gain elevated privileges.
3) Information disclosure (CVE-ID: CVE-2018-4289)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to a flaw in the AMD component. A local attacker can run a specially crafted application and determine kernel memory layout.
4) Memory corruption (CVE-ID: CVE-2018-4269)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to a boundary error in the CoreCrypto component. A local attacker can run a specially crafted application, trigger memory corruption and break out of its sandbox.
5) Out-of-bounds read (CVE-ID: CVE-2018-4283)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to an out-of-bounds memory read error in the IOGraphics component. A local attacker can run a specially crafted application and obtain kernel memory contents.
6) Security restrictions bypass (CVE-ID: CVE-2018-4293)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to an error in cookie management. A local attacker can run a specially crafted application and cause cookies to unexpectedly persist in Safari.
7) Information disclosure (CVE-ID: CVE-2018-4178)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to improper permission validation. A local attacker can run a specially crafted application and view sensitive information.
8) Memory corruption (CVE-ID: CVE-2018-4280)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a boundary error when processing a malicious application. A local attacker can use a specially crafted application, trigger memory corruption and gain elevated privileges.
9) Out-of-bounds read (CVE-ID: CVE-2018-4248)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can run a specially crafted application, trigger an out-of-bounds read and read restricted memory.
10) Spoofing attack (CVE-ID: CVE-2018-4277)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to a spoofing issue in the handling of URLs. A remote attacker can trick the victim into loading specially crafted web content and spoof the address bar.
11) Side-channel attack (CVE-ID: CVE-2018-3665)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to the use of the Lazy FP state restore technique for floating point state when context switching between application processes. A local attacker can conduct cache side-channel attacks and determine register values of other processes.
Note: This vulnerability is known as LazyFP.
12) Man-in-the-middle attack (CVE-ID: CVE-2018-5383)
The vulnerability allows an adjacent attacker to conduct a man-in-the-middle attack on the target system.
The weakness exists in the Bluetooth Low Energy (BLE) implementation of Secure Connections mode due to insufficient validation of elliptic curve parameters that are used to generate public keys during a Diffie-Hellman key exchange when the affected software performs device pairing operations. An adjacent attacker can intercept the public key exchange between the two targeted systems, inject a malicious public key to aid in determining the session key, access sensitive information or forge and modify messages, which could be used to inject malicious software on the targeted system.
Remediation
Install the update from the vendor's website.