TTCSIRT-144.071618: TT-CSIRT Advisory – Apple Security Updates
Apple has released a security update stating that the following vulnerabilities have been discovered in iTunes, iCloud for Windows, Safari, macOS High Sierra, Sierra, and El Capitan, watchOS, tvOS, and iOS:
a) A cookie management issue was addressed with improved checks – (CVE-2018-4293).
b) A denial of service issue was addressed with improved memory handling – (CVE-2018-4290).
c) Multiple memory corruption issues were addressed with improved input validation – (CVE-2018-4269, CVE-2018-4271, CVE-2018-4273).
d) An information disclosure issue was addressed by removing the vulnerable code – (CVE-2018-4289).
e) An out-of-bounds read was addressed with improved input validation – (CVE-2018-4248).
f) A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation – (CVE-2018-4178).
g) A race condition was addressed with additional validation – (CVE-2018-4266).
h) Multiple inconsistent user interface issues were addressed with improved state management – (CVE-2018-4260, CVE-2018-4279).
i) Multiple memory corruption issues were addressed with improved memory handling – (CVE-2018-4261, CVE-2018-4262).
j) Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. This was addressed with improved input validation – (CVE-2018-4282, CVE-2018-4283).
k) Multiple type confusion issues were addressed with improved memory handling – (CVE-2018-4284, CVE-2018-4285).
Successful exploitation of the most severe of these vulnerabilities could result in an attacker having administrator privileges to install programs; view, change, or delete data; or create new accounts with full user rights.
|Further information on these vulnerabilities and how they can mitigated can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2018-076/|