TTCSIRT-125.060418: TT-CSIRT Advisory – Apple Security Updates

TTCSIRT-125.060418: TT-CSIRT Advisory – Apple Security Updates

Apple has released a security update stating that it has discovered the following vulnerabilities in the macOS High Sierra 10.13.5:

a) Accessibility Framework – a malicious application may be able to execute arbitrary code with system privileges (CVE-2018-4196).

b) AMD – a local user may be able to read kernel memory (CVE-2018-4253).

c) Bluetooth – a malicious application may be able to determine kernel memory layout (CVE-2018-4171).

d) Firmware – a malicious application with root privileges may be able to modify the EFI flash memory region (CVE-2018-4251).

e) IOGraphics – An application may be able to execute arbitrary code with kernel privileges (CVE-2018-4236).

Further information on these vulnerabilities and how they can be mitigated can be found on the Apple Website at https://support.apple.com/en-us/HT208849