TTCSIRT-081.012418: TT-CSIRT Advisory – Apple Security Updates

Apple has released security updates for the following vulnerabilities discovered in Safari, watchOS, iOS, High Sierra, Sierra, El Capitan, and tvOS:

a) A certificate evaluation issue existed in the handling of name constraints – (CVE-2018-4086)

b) An application may be able to execute arbitrary code with kernel privileges – (CVE-2018-4097)

c) A memory corruption issue existed in the processing of web content – (CVE-2018-4085)

d) A memory initialization issue was addressed through improved memory handling – (CVE-2018-4090)

e) An access issue was addressed through additional sandbox restrictions – (CVE-2018-4091)

f) An out-of-bounds read issue existed in curl – (CVE-2017-8817)

g) A race condition was addressed through improved locking – (CVE-2018-4092)

h) A resource exhaustion issue was addressed through improved input validation – (CVE-2018-4100)

i) Multiple validation issues were addressed with improved input sanitization – (CVE-2018-4084, CVE-2018-4093)

j) Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache – (CVE-2017-5754)

Further information on these vulnerabilities and how they can be fixed can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2018-006/