TTCSIRT-106.040318: TT-CSIRT Advisory – Apple Security Updates

Apple has released security updates for multiple vulnerabilities discovered in iCloud for Windows; Safari; macOS High Sierra, Sierra, and El Capitan; iTunes; Xcode; tvOS; watchOS; and iOS.

Details are as follows:

1) A buffer overflow was addressed with improved size validation – (CVE-2018-4144)

2) A command injection issue existed in the handling of Bracketed Paste Mode. This issue was addressed through improved validation of special characters – (CVE-2018-4106)

3) A cookie management issue was addressed through improved state management – (CVE-2018-4110)

4) A cross-origin issue existed with the fetch API. This was addressed through improved input validation – (CVE-2018-4117)

5) A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation – (CVE-2018-4133)

6) A denial of service issue was addressed through improved memory handling – (CVE-2018-4142)

7) A logic issue existed resulting in memory corruption. This was addressed with improved state management – (CVE-2018-4139)

8) Multiple logic issues were addressed with improved validation – (CVE-2018-4175, CVE-2018-4176)

9) A logic issue was addressed with improved restrictions – (CVE-2017-13890)

10) A memory corruption issue was addressed through improved input validation – (CVE-2018-4146)

11) An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed through improved checks – (CVE-2018-4113)

12) Multiple inconsistent user interface issues were addressed with improved state management – (CVE-2018-4102, CVE-2018-4116, CVE-2018-4134, CVE-2018-4174)

13) An information disclosure issue existed in the handling of alarms and timers. This issue was addressed through improved access restrictions – (CVE-2018-4123)

14) Multiple injection issues were addressed through improved input validation – (CVE-2018-4105, CVE-2018-4108)

15) An integer overflow existed in curl. This issue was addressed through improved bounds checking – (CVE-2017-8816)

16) An issue existed in CFPreferences. This issue was addressed through improved preferences cleanup – (CVE-2018-4115)

17) An issue existed in the handling of S/MIME HTML e-mail. This issue was addressed by not loading remote resources on S/MIME encrypted messages by default if the message has an invalid or missing S/MIME signature – (CVE-2018-4111)

18) An issue existed in the parsing of URLs in PDFs. This issue was addressed through improved input validation – (CVE-2018-4107)

19) An out-of-bounds read was addressed through improved bounds checking – (CVE-2018-4136, CVE-2018-4160)

20) A null pointer dereference issue existed when handling Class 0 SMS messages. This issue was addressed through improved message validation – (CVE-2018-4140)

21) Multiple race conditions were addressed with additional validation – (CVE-2018-4151, CVE-2018-4152, CVE-2018-4154, CVE-2018-4155, CVE-2018-4156, CVE-2018-4157, CVE-2018-4158, CVE-2018-4166, CVE-2018-4167)

22) A state management issue existed when restoring from a backup. This issue was addressed through improved state checking during restore – (CVE-2018-4172)

23) A state management issue was addressed by disabling text input until the destination page loads – (CVE-2018-4149)

24) A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks – (CVE-2018-4112)

25) Multiple validation issues were addressed with improved input sanitization – (CVE-2018-4104, CVE-2018-4138)

26) By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management – (CVE-2018-4131)

27) Multiple issues were addressed by updating to the current version of LLVM shipping with Xcode – (CVE-2018-4164)

28) Safari autofill did not require explicit user interaction before taking place. The issue was addressed through improved autofill heuristics – (CVE-2018-4137)

29) The File Widget was displaying cached data when in the locked state. This issue was addressed with improved state management – (CVE-2018-4168)

30) The sysadminctl command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. This update makes the password parameter optional, and sysadminctl will prompt for the password if needed – (CVE-2018-4170)
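
For item 30, an added example (not from Apple or this advisory) of auditing a process listing for sysadminctl invocations that still carry a password in their arguments, with the value redacted in the report. The flag names and the "-" prompt marker are assumptions taken from sysadminctl's usage text, and the listing is constructed.

```python
import re

# Flag names assumed from sysadminctl's usage text; verify against the installed version.
PASSWORD_FLAGS = {"-password", "-adminPassword", "-newPassword", "-oldPassword"}
PROMPT = "-"  # assumed: "-" in place of a password makes sysadminctl prompt for it
NEXT_FLAG = re.compile(r"^-[A-Za-z]")

# Constructed process listing in "PID USER COMMAND" form (ps does not keep shell quoting).
SAMPLE_PS = """\
501 alice /usr/sbin/sysadminctl -addUser bob -password Example Pass 1
502 root /usr/sbin/sysadminctl -resetPasswordFor bob -newPassword - -adminUser admin -adminPassword -
503 carol /usr/bin/vim notes.txt
504 root sysadminctl -secureTokenOn bob -password constructed-pw -adminUser admin -adminPassword -
"""


def find_exposed(ps_text):
    """Return one finding per sysadminctl process with a password in its argv."""
    findings = []
    for line in ps_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        pid, user, command = parts
        argv = command.split()
        if argv[0].rsplit("/", 1)[-1] != "sysadminctl":
            continue
        redacted, flags, i = [], [], 0
        while i < len(argv):
            redacted.append(argv[i])
            is_flag = argv[i] in PASSWORD_FLAGS
            i += 1
            if not is_flag or i == len(argv) or argv[i] == PROMPT:
                continue
            # Value may contain spaces: swallow tokens up to the next "-flag".
            flags.append(argv[i - 1])
            redacted.append("<redacted>")
            i += 1
            while i < len(argv) and not NEXT_FLAG.match(argv[i]):
                i += 1
        if flags:
            findings.append({"pid": int(pid), "user": user, "flags": flags,
                             "command": " ".join(redacted)})
    return findings


if __name__ == "__main__":
    for finding in find_exposed(SAMPLE_PS):
        print(finding)
```
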

Further information on these vulnerabilities and how they can be mitigated can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2018-035/