var-201904-1359
Vulnerability from variot
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. Kernel is one of the kernel components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra
macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following:
afpserver Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A remote attacker may be able to attack AFP servers through HTTP clients Description: An input validation issue was addressed with improved input validation. CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC Berkeley
AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4410: an anonymous researcher working with Trend Micro's Zero Day Initiative
AppleGraphicsControl Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4417: Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative
APR Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2017-12613: Craig Young of Tripwire VERT CVE-2017-12618: Craig Young of Tripwire VERT
ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative
ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4308: Mohamed Ghannam (@_simo36)
CFNetwork Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative
CoreAnimation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4415: Liang Zhuo working with Beyond Security's SecuriTeam Secure Disclosure
CoreCrypto Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum
CoreFoundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content Description: An injection issue was addressed with improved validation. CVE-2018-4153: Michael Hanselmann of hansmi.ch
CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4406: Michael Hanselmann of hansmi.ch
Dictionary Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information Description: A validation issue existed which allowed local file access. This was addressed with input sanitization. CVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing
Dock Available for: macOS Mojave 10.14 Impact: A malicious application may be able to access restricted files Description: This issue was addressed by removing additional entitlements. CVE-2018-4423: an anonymous researcher
EFI Available for: macOS High Sierra 10.13.6 Impact: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel. CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC)
EFI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A local user may be able to modify protected parts of the file system Description: A configuration issue was addressed with additional restrictions. CVE-2018-4342: Timothy Perfitt of Twocanoes Software
Foundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck)
Grand Central Dispatch Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad
Heimdal Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad
Hypervisor Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis Description: An information disclosure issue was addressed by flushing the L1 data cache at the virtual machine entry. CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide
Hypervisor Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team
ICU Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher
Intel Graphics Driver Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4334: Ian Beer of Google Project Zero
Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4396: Yu Wang of Didi Research America CVE-2018-4418: Yu Wang of Didi Research America
Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4350: Yu Wang of Didi Research America
IOGraphics Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4422: an anonymous researcher working with Trend Micro's Zero Day Initiative
IOHIDFamily Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero
IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4402: Proteas of Qihoo 360 Nirvan Team
IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero
IOUserEthernet Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple
IPSec Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group
Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS High Sierra 10.13.6 Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2018-4399: Fabiano Anemone (@anoane)
Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4419: Mohamed Ghannam (@_simo36) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative
Kernel Available for: macOS Sierra 10.12.6 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com
Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team
Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Kernel Available for: macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4424: Dr. Silvio Cesare of InfoSect
Login Window Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A local user may be able to cause a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity
Mail Available for: macOS Mojave 10.14 Impact: Processing a maliciously crafted mail message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4389: Dropbox Offensive Security Team, Theodor Ragnar Gislason of Syndis
mDNSOffloadUserClient Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team
MediaRemote Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs
Microcode Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that implementation specific system registers cannot be leaked via a speculative execution side-channel. CVE-2018-3640: Innokentiy Sennovskiy from BiZone LLC (bi.zone), Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (sysgo.com)
NetworkExtension Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-6797: Brian Carpenter
Ruby Available for: macOS Sierra 10.12.6 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues in Ruby were addressed in this update. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. CVE-2018-4395: Patrick Wardle of Digita Security
Spotlight Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4393: Lufeng Li
Symptom Framework Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative
WiFi Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische UniversitA$?t Darmstadt
Additional recognition
Calendar We would like to acknowledge an anonymous researcher for their assistance.
iBooks We would like to acknowledge Sem VoigtlA$?nder of Fontys Hogeschool ICT for their assistance.
Kernel We would like to acknowledge Brandon Azad for their assistance.
LaunchServices We would like to acknowledge Alok Menghrajani of Square for their assistance.
Quick Look We would like to acknowledge lokihardt of Google Project Zero for their assistance.
Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance.
Terminal We would like to acknowledge an anonymous researcher for their assistance.
Installation note:
macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EcGQ// QbUbTOZRgxcStGZjs+qdXjeaXI6i1MKaky7o/iYCXf87crFu79PCsXyPU1jeMvoS tgDxz7ornlyaxR4wcSYzfcuIeY2ZH+dkxc7JJHQbKTW1dWYHpXUUzzNm+Ay/Gtk+ 2EIAgJ9oUf8FARR5cmcKBZfLFVdc40vpM3bBCV4m2Kr5KiDsqZKdZTujBQRccAsO HKRbhDecw0WX/CfEbLprs86uIXFMIoifhmh8LMebjzIQn2ozoFG6R31vMMHeDpir zf0xlVCJrJy/XywmkodhBWWrUWcM0hfsJ8EmyIBwFEYUxFhOV3D+x3rStd2kjyNL LG9oWclxDkjImQXdrL8IRAQfZvcVQFZK2vSGCYfRN0LY105sxjPjeIsJ0RORzcSN 2mlDR1UuTosk0GleDbmhv/ornfOc537UebwuHVWU5LpPNFkvY1Cv8zPrQAHewuod TmktkNuv2x2fgw9g7ntE88UBF9JMC+Ofs/FgJ67RkoT4R39P7VvaztHlmxmr/rIw TrSs7TDVqciz+DOMRKxyNPI1cpXM5ITCTvgbY4+RWwaFJzfgY+Gc+sldvVcb1x9I LlsI19MA0bsvi+ReOcLbWYuEHaVhVqZ7LndxR9m2gJ39L9jff+dOsSlznF4OLs+S t7Rz6i2mOpe6vXobkTUmml3m3zYIhL3XcdcYpw3U0F8= =uhgi -----END PGP SIGNATURE----- . CVE-2018-4285: Mohamed Ghannam (@_simo36)
Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-1359",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.8 earlier"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.1 earlier"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.9.1 earlier"
},
{
"model": "macos high sierra",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "(security update 2018-001 not applied )"
},
{
"model": "macos mojave",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.14.1 earlier"
},
{
"model": "macos sierra",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "(security update 2018-005 not applied )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.0.1 earlier"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.1 earlier"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.1 earlier"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.12.6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.13.5"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014936"
},
{
"db": "NVD",
"id": "CVE-2018-4291"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:icloud",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_high_sierra",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_mojave",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_sierra",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:watchos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kevin Backhouse of Semmle and LGTM.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1462"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4291",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-4291",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-134322",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-4291",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-4291",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-4291",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1462",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-134322",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-4291",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134322"
},
{
"db": "VULMON",
"id": "CVE-2018-4291"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014936"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1462"
},
{
"db": "NVD",
"id": "CVE-2018-4291"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. Kernel is one of the kernel components. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001\nHigh Sierra, Security Update 2018-005 Sierra\n\nmacOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and\nSecurity Update 2018-005 Sierra are now available and address\nthe following:\n\nafpserver\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: A remote attacker may be able to attack AFP servers through\nHTTP clients\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC\nBerkeley\n\nAppleGraphicsControl\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4410: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative\n\nAppleGraphicsControl\nAvailable for: macOS High Sierra 10.13.6\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4417: Lee of the Information Security Lab Yonsei University\nworking with Trend Micro\u0027s Zero Day Initiative\n\nAPR\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: Multiple buffer overflow issues existed in Perl\nDescription: Multiple issues in Perl were addressed with improved\nmemory handling. \nCVE-2017-12613: Craig Young of Tripwire VERT\nCVE-2017-12618: Craig Young of Tripwire VERT\n\nATS\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend\nMicro\u0027s Zero Day Initiative\n\nATS\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2018-4308: Mohamed Ghannam (@_simo36)\n\nCFNetwork\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro\u0027s Zero\nDay Initiative\n\nCoreAnimation\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4415: Liang Zhuo working with Beyond Security\u0027s SecuriTeam\nSecure Disclosure\n\nCoreCrypto\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14\nImpact: An attacker may be able to exploit a weakness in the\nMiller-Rabin primality test to incorrectly identify prime numbers\nDescription: An issue existed in the method for determining prime\nnumbers. This issue was addressed by using pseudorandom bases for\ntesting of primes. \nCVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of\nRoyal Holloway, University of London, and Juraj Somorovsky of Ruhr\nUniversity, Bochum\n\nCoreFoundation\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4412: The UK\u0027s National Cyber Security Centre (NCSC)\n\nCUPS\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: In certain configurations, a remote attacker may be able to\nreplace the message content from the print server with arbitrary\ncontent\nDescription: An injection issue was addressed with improved\nvalidation. \nCVE-2018-4153: Michael Hanselmann of hansmi.ch\n\nCUPS\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4406: Michael Hanselmann of hansmi.ch\n\nDictionary\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: Parsing a maliciously crafted dictionary file may lead to\ndisclosure of user information\nDescription: A validation issue existed which allowed local file\naccess. This was addressed with input sanitization. \nCVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing\n\nDock\nAvailable for: macOS Mojave 10.14\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2018-4423: an anonymous researcher\n\nEFI\nAvailable for: macOS High Sierra 10.13.6\nImpact: Systems with microprocessors utilizing speculative execution\nand speculative execution of memory reads before the addresses of all\nprior memory writes are known may allow unauthorized disclosure of\ninformation to an attacker with local user access via a side-channel\nanalysis\nDescription: An information disclosure issue was addressed with a\nmicrocode update. This ensures that older data read from\nrecently-written-to addresses cannot be read via a speculative\nside-channel. \nCVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken\nJohnson of the Microsoft Security Response Center (MSRC)\n\nEFI\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2018-4342: Timothy Perfitt of Twocanoes Software\n\nFoundation\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: Processing a maliciously crafted text file may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4304: jianan.huang (@Sevck)\n\nGrand Central Dispatch\nAvailable for: macOS High Sierra 10.13.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4426: Brandon Azad\n\nHeimdal\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4331: Brandon Azad\n\nHypervisor\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: Systems with microprocessors utilizing speculative execution\nand address translations may allow unauthorized disclosure of\ninformation residing in the L1 data cache to an attacker with local\nuser access with guest OS privilege via a terminal page fault and a\nside-channel analysis\nDescription: An information disclosure issue was addressed by\nflushing the L1 data cache at the virtual machine entry. \nCVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas\nF. Wenisch of University of Michigan, Mark Silberstein and Marina\nMinkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens\nof KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu\nof Intel Corporation, Yuval Yarom of The University of Adelaide\n\nHypervisor\nAvailable for: macOS Sierra 10.12.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team\n\nICU\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14\nImpact: Processing a maliciously crafted string may lead to heap\ncorruption\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4394: an anonymous researcher\n\nIntel Graphics Driver\nAvailable for: macOS Sierra 10.12.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4334: Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for: macOS High Sierra 10.13.6\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4396: Yu Wang of Didi Research America\nCVE-2018-4418: Yu Wang of Didi Research America\n\nIntel Graphics Driver\nAvailable for: macOS High Sierra 10.13.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4350: Yu Wang of Didi Research America\n\nIOGraphics\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4422: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative\n\nIOHIDFamily\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation\nCVE-2018-4408: Ian Beer of Google Project Zero\n\nIOKit\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4402: Proteas of Qihoo 360 Nirvan Team\n\nIOKit\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4341: Ian Beer of Google Project Zero\nCVE-2018-4354: Ian Beer of Google Project Zero\n\nIOUserEthernet\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4401: Apple\n\nIPSec\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed by removing the\nvulnerable code. \nCVE-2018-4420: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS High Sierra 10.13.6\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: An access issue existed with privileged API calls. This\nissue was addressed with additional restrictions. \nCVE-2018-4399: Fabiano Anemone (@anoane)\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4340: Mohamed Ghannam (@_simo36)\nCVE-2018-4419: Mohamed Ghannam (@_simo36)\nCVE-2018-4425: cc working with Trend Micro\u0027s Zero Day Initiative,\nJuwei Lin (@panicaII) of Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative\n\nKernel\nAvailable for: macOS Sierra 10.12.6\nImpact: Mounting a maliciously crafted NFS network share may lead to\narbitrary code execution with system privileges\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com\nCVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com\nCVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com\nCVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com\nCVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14\nImpact: An application may be able to read restricted memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security\nTeam\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4407: Kevin Backhouse of Semmle Ltd. \n\nKernel\nAvailable for: macOS Mojave 10.14\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2018-4424: Dr. Silvio Cesare of InfoSect\n\nLogin Window\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: A local user may be able to cause a denial of service\nDescription: A validation issue was addressed with improved logic. \nCVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of\nMWR InfoSecurity\n\nMail\nAvailable for: macOS Mojave 10.14\nImpact: Processing a maliciously crafted mail message may lead to UI\nspoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2018-4389: Dropbox Offensive Security Team, Theodor Ragnar\nGislason of Syndis\n\nmDNSOffloadUserClient\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4326: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team\n\nMediaRemote\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs\n\nMicrocode\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14\nImpact: Systems with microprocessors utilizing speculative execution\nand that perform speculative reads of system registers may allow\nunauthorized disclosure of system parameters to an attacker with\nlocal user access via a side-channel analysis\nDescription: An information disclosure issue was addressed with a\nmicrocode update. This ensures that implementation specific system\nregisters cannot be leaked via a speculative execution side-channel. \nCVE-2018-3640: Innokentiy Sennovskiy from BiZone LLC (bi.zone),\nZdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (sysgo.com)\n\nNetworkExtension\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14\nImpact: Connecting to a VPN server may leak DNS queries to a DNS\nproxy\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2018-6797: Brian Carpenter\n\nRuby\nAvailable for: macOS Sierra 10.12.6\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: Multiple issues in Ruby were addressed in this update. \nCVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. \nCVE-2018-4395: Patrick Wardle of Digita Security\n\nSpotlight\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4393: Lufeng Li\n\nSymptom Framework\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro\u0027s Zero\nDay Initiative\n\nWiFi\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile\nNetworking Lab at Technische UniversitA$?t Darmstadt\n\nAdditional recognition\n\nCalendar\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\niBooks\nWe would like to acknowledge Sem VoigtlA$?nder of Fontys Hogeschool \nICT for their assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad for their assistance. \n\nLaunchServices\nWe would like to acknowledge Alok Menghrajani of Square for their\nassistance. \n\nQuick Look\nWe would like to acknowledge lokihardt of Google Project Zero for\ntheir assistance. \n\nSecurity\nWe would like to acknowledge Marinos Bernitsas of Parachute for their\nassistance. \n\nTerminal\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nInstallation note:\n\nmacOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and\nSecurity Update 2018-005 Sierra may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EcGQ//\nQbUbTOZRgxcStGZjs+qdXjeaXI6i1MKaky7o/iYCXf87crFu79PCsXyPU1jeMvoS\ntgDxz7ornlyaxR4wcSYzfcuIeY2ZH+dkxc7JJHQbKTW1dWYHpXUUzzNm+Ay/Gtk+\n2EIAgJ9oUf8FARR5cmcKBZfLFVdc40vpM3bBCV4m2Kr5KiDsqZKdZTujBQRccAsO\nHKRbhDecw0WX/CfEbLprs86uIXFMIoifhmh8LMebjzIQn2ozoFG6R31vMMHeDpir\nzf0xlVCJrJy/XywmkodhBWWrUWcM0hfsJ8EmyIBwFEYUxFhOV3D+x3rStd2kjyNL\nLG9oWclxDkjImQXdrL8IRAQfZvcVQFZK2vSGCYfRN0LY105sxjPjeIsJ0RORzcSN\n2mlDR1UuTosk0GleDbmhv/ornfOc537UebwuHVWU5LpPNFkvY1Cv8zPrQAHewuod\nTmktkNuv2x2fgw9g7ntE88UBF9JMC+Ofs/FgJ67RkoT4R39P7VvaztHlmxmr/rIw\nTrSs7TDVqciz+DOMRKxyNPI1cpXM5ITCTvgbY4+RWwaFJzfgY+Gc+sldvVcb1x9I\nLlsI19MA0bsvi+ReOcLbWYuEHaVhVqZ7LndxR9m2gJ39L9jff+dOsSlznF4OLs+S\nt7Rz6i2mOpe6vXobkTUmml3m3zYIhL3XcdcYpw3U0F8=\n=uhgi\n-----END PGP SIGNATURE-----\n. \nCVE-2018-4285: Mohamed Ghannam (@_simo36)\n\nBluetooth\nAvailable for: MacBook Pro (15-inch, 2018), and MacBook Pro\n(13-inch, 2018, Four Thunderbolt 3 Ports)\nOther Mac models were addressed with macOS High Sierra 10.13.5. Lazy restored states are\npotentially vulnerable to exploits where one process may infer\nregister values of other processes through a speculative execution\nside channel that infers their value",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4291"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014936"
},
{
"db": "VULHUB",
"id": "VHN-134322"
},
{
"db": "VULMON",
"id": "CVE-2018-4291"
},
{
"db": "PACKETSTORM",
"id": "150108"
},
{
"db": "PACKETSTORM",
"id": "150118"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4291",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "172831",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU96365720",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008908",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU93082496",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014936",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1462",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-134322",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-4291",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150108",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150118",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134322"
},
{
"db": "VULMON",
"id": "CVE-2018-4291"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014936"
},
{
"db": "PACKETSTORM",
"id": "150108"
},
{
"db": "PACKETSTORM",
"id": "150118"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1462"
},
{
"db": "NVD",
"id": "CVE-2018-4291"
}
]
},
"id": "VAR-201904-1359",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-134322"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:18:17.871000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra",
"trust": 1.6,
"url": "https://support.apple.com/en-us/HT209193"
},
{
"title": "About the security content of iTunes 12.9.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209197"
},
{
"title": " About the security content of iCloud for Windows 7.8 ",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209198"
},
{
"title": "About the security content of Safari 12.0.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209196"
},
{
"title": " About the security content of tvOS 12.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209194"
},
{
"title": " About the security content of iOS 12.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209192"
},
{
"title": " About the security content of watchOS 5.1",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209195"
},
{
"title": "HT208937",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208937"
},
{
"title": "HT208937",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208937"
},
{
"title": "HT209193",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209193"
},
{
"title": "Apple macOS Sierra Kernel Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=86440"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014936"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1462"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134322"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014936"
},
{
"db": "NVD",
"id": "CVE-2018-4291"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht208937"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht209193"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/172831/macos-nfs-client-buffer-overflow.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4291"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96365720/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4291"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96365720/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93082496/index.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14064"
},
{
"trust": 0.2,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10784"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17405"
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14033"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4259"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17742"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4287"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2018/nov/20"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4326"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4331"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4310"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3646"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3639"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8777"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4276"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6914"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4277"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6913"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4269"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4268"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4280"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5383"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134322"
},
{
"db": "VULMON",
"id": "CVE-2018-4291"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014936"
},
{
"db": "PACKETSTORM",
"id": "150108"
},
{
"db": "PACKETSTORM",
"id": "150118"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1462"
},
{
"db": "NVD",
"id": "CVE-2018-4291"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-134322"
},
{
"db": "VULMON",
"id": "CVE-2018-4291"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014936"
},
{
"db": "PACKETSTORM",
"id": "150108"
},
{
"db": "PACKETSTORM",
"id": "150118"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1462"
},
{
"db": "NVD",
"id": "CVE-2018-4291"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-134322"
},
{
"date": "2019-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4291"
},
{
"date": "2018-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"date": "2019-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014936"
},
{
"date": "2018-10-31T15:50:04",
"db": "PACKETSTORM",
"id": "150108"
},
{
"date": "2018-10-31T16:14:57",
"db": "PACKETSTORM",
"id": "150118"
},
{
"date": "2018-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1462"
},
{
"date": "2019-04-03T18:29:05.690000",
"db": "NVD",
"id": "CVE-2018-4291"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-134322"
},
{
"date": "2023-06-12T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4291"
},
{
"date": "2018-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008908"
},
{
"date": "2019-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014936"
},
{
"date": "2023-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1462"
},
{
"date": "2024-11-21T04:07:08.380000",
"db": "NVD",
"id": "CVE-2018-4291"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1462"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Updates to product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008908"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1462"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.