TTCSIRT-081.012418: TT-CSIRT Advisory – Apple Security Updates
Apple has released security updates that address the following vulnerabilities discovered in Safari, watchOS, iOS, High Sierra, Sierra, El Capitan, and tvOS:
a) A certificate evaluation issue existed in the handling of name constraints – (CVE-2018-4086)
b) An application may be able to execute arbitrary code with kernel privileges – (CVE-2018-4097)
c) A memory corruption issue existed in the processing of web content – (CVE-2018-4085)
d) A memory initialization issue was addressed through improved memory handling – (CVE-2018-4090)
e) An access issue was addressed through additional sandbox restrictions – (CVE-2018-4091)
f) An out-of-bounds read issue existed in curl – (CVE-2017-8817)
g) A race condition was addressed through improved locking – (CVE-2018-4092)
h) A resource exhaustion issue was addressed through improved input validation – (CVE-2018-4100)
i) Multiple validation issues were addressed with improved input sanitization – (CVE-2018-4084, CVE-2018-4093)
j) Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache – (CVE-2017-5754)
Further information on these vulnerabilities and how they can be fixed can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2018-006/