TTCSIRT-178.110518: TT-CSIRT Advisory – Apple Security Updates
Apple has a released a security update stating that it has fixed the following vulnerabilities in Safari, iCloud, iTunes, watchOS, iOS, tvOS, Mojave, High Sierra and Sierra:
a) A buffer overflow was addressed with improved size validation – (CVE-2018-4424).
b) A configuration issue was addressed with additional restrictions – (CVE-2018-4342).
c) A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation – (CVE-2018-4377).
d) Denial of service issues were addressed with improved validation – (CVE-2018-4304, CVE-2018-4368, CVE-2018-4406).
e) A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management – (CVE-2018-4387).
f) A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device – (CVE-2018-4388).
g) Logic issues were addressed with improved state management – (CVE-2018-4369, CVE-2018-4385).
h) Logic issues were addressed with improved validation – (CVE-2018-4374, CVE-2018-4423).
j) An input validation issue was addressed with improved input validation – (CVE-2018-4295).
k) An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes – (CVE-2018-4398).
l) An out-of-bounds read was addressed with improved bounds checking – (CVE-2018-4203, CVE-2018-4308, CVE-2018-4365).
m) An out-of-bounds read was addressed with improved input validation – (CVE-2018-4371).
n) A resource exhaustion issue was addressed with improved input validation – (CVE-2018-4409).
o) A validation issue existed which allowed local file access. This was addressed with input sanitization – (CVE-2018-4346).
p) Validation issues were addressed with improved input sanitization – (CVE-2018-4396, CVE-2018-4417, CVE-2018-4418).
|Further information on these vulnerabilities and their fixes can be found on the Apple Website at https://support.apple.com/en-us/HT209192|