TTCSIRT-125.060418: TT-CSIRT Advisory – Apple Security Updates
Apple has released a security update stating that it has discovered the following vulnerabilities in the macOS High Sierra 10.13.5:
a) Accessibility Framework – a malicious application may be able to execute arbitrary code with system privileges (CVE-2018-4196).
b) AMD – a local user may be able to read kernel memory (CVE-2018-4253).
c) Bluetooth – a malicious application may be able to determine kernel memory layout (CVE-2018-4171).
d) Firmware – a malicious application with root privileges may be able to modify the EFI flash memory region (CVE-2018-4251).
e) IOGraphics – An application may be able to execute arbitrary code with kernel privileges (CVE-2018-4236).
|Further information on these vulnerabilities and how they can be mitigated can be found on the Apple Website at https://support.apple.com/en-us/HT208849