Apple Patches Everything Again.
As usual for Apple patches, vulnerabilities tend to affect all/most Apple operating systems. One notable security issue that was addressed, but is not listed here, is the "USB accessory unlock" issue. This allowed systems like Greylock to unlock phones by brute forcing the passcode via the lightning port / USB. iOS 11.4.1 only allows USB devices to connect within 1 hour after the phone/tablet is locked. This is enabled by default but can be disabled by the user. OS X also fixes the latest versions of Spectre.
Patch Overview Across Operating Systems / Devices
(For OSX/macOS, WebKit is fixed via a standalone Safari Update)
| Component | CVE | OS X/MacOS | iOS | watchOS | TvOS |
|---|---|---|---|---|---|
| LinkPresentation | CVE-2018-4277 | X | X | X | X |
| WebKit | CVE-2018-4273 | X | X | X | |
| libxpc | CVE-2018-4280 | X | X | X | X |
| WebKit | CVE-2018-4284 | X | X | X | |
| WebKit | CVE-2018-4263 | X | X | ||
| CoreCrypto | CVE-2018-4269 | X | |||
| WebKit | CVE-2018-4265 | X | X | ||
| WebKit | CVE-2018-4267 | X | X | ||
| Kernel | CVE-2018-3665 | X | |||
| Emoji | CVE-2018-4290 | X | X | ||
| WebKit | CVE-2018-4270 | X | X | X | |
| WebKit | CVE-2018-4261 | X | X | ||
| DesktopServices | CVE-2018-4178 | X | |||
| Wi-Fi | CVE-2018-4275 | X | |||
| WebKit | CVE-2018-4274 | X | |||
| WebKit | CVE-2018-4278 | X | X | ||
| AMD | CVE-2018-4289 | X | |||
| WebKit | CVE-2018-4266 | X | X | X | |
| ATS | CVE-2018-4285 | X | |||
| WebKit | CVE-2018-4262 | X | X | X | |
| APFS | CVE-2018-4268 | X | |||
| libxpc | CVE-2018-4248 | X | X | X | X |
| WebKit | CVE-2018-4272 | X | X | X | |
| IOGraphics | CVE-2018-4283 | X | |||
| CFNetwork | CVE-2018-4293 | X | X | X | X |
| Kernel | CVE-2018-4282 | X | X | X | |
| WebKit Page Loading | CVE-2018-4260 | X | |||
| WebKit | CVE-2018-4271 | X | X | X | |
| WebKit | CVE-2018-4264 | X | X | X |
OS X / macOS
| Component | macOS 10.13 | macOS 10.12 | OS X 10.11 | Description | Impact | CVE |
|---|---|---|---|---|---|---|
| AMD | x | A malicious application may be able to determine kernel memory layout | An information disclosure issue was addressed by removing the vulnerable code. | CVE-2018-4289 | ||
| APFS | x | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4268 | ||
| ATS | x | A malicious application may be able to gain root privileges | A type confusion issue was addressed with improved memory handling. | CVE-2018-4285 | ||
| CFNetwork | x | Cookies may unexpectedly persist in Safari | A cookie management issue was addressed with improved checks. | CVE-2018-4293 | ||
| CoreCrypto | x | x | A malicious application may be able to break out of its sandbox | A memory corruption issue was addressed with improved input validation. | CVE-2018-4269 | |
| DesktopServices | x | A local user may be able to view sensitive user information | A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. | CVE-2018-4178 | ||
| IOGraphics | x | A local user may be able to read kernel memory | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. | CVE-2018-4283 | ||
| Kernel | x | x | x | Systems using Intel Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel | Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value. | CVE-2018-3665 |
| libxpc | x | x | x | An application may be able to gain elevated privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4280 |
| libxpc | x | A malicious application may be able to read restricted memory | An out-of-bounds read was addressed with improved input validation. | CVE-2018-4248 | ||
| LinkPresentation | x | Visiting a malicious website may lead to address bar spoofing | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. | CVE-2018-4277 |
iOS
| Component | Details | Impact | CVE |
|---|---|---|---|
| CFNetwork | Cookies may unexpectedly persist in Safari | A cookie management issue was addressed with improved checks. | CVE-2018-4293 |
| Emoji | Processing an emoji under certain configurations may lead to a denial of service | A denial of service issue was addressed with improved memory handling. | CVE-2018-4290 |
| Kernel | A local user may be able to read kernel memory | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. | CVE-2018-4282 |
| libxpc | An application may be able to gain elevated privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4280 |
| libxpc | A malicious application may be able to read restricted memory | An out-of-bounds read was addressed with improved input validation. | CVE-2018-4248 |
| LinkPresentation | Visiting a malicious website may lead to address bar spoofing | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. | CVE-2018-4277 |
| WebKit | A malicious website may exfiltrate audio data cross-origin | Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. | CVE-2018-4278 |
| WebKit | A malicious website may be able to cause a denial of service | A race condition was addressed with additional validation. | CVE-2018-4266 |
| WebKit | Visiting a malicious website may lead to address bar spoofing | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. | CVE-2018-4274 |
| WebKit | Processing maliciously crafted web content may lead to an unexpected Safari crash | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4270 |
| WebKit | Processing maliciously crafted web content may lead to arbitrary code execution | A type confusion issue was addressed with improved memory handling. | CVE-2018-4284 |
| WebKit | Processing maliciously crafted web content may lead to arbitrary code execution | Multiple memory corruption issues were addressed with improved memory handling. | CVE-2018-4261,CVE-2018-4262,CVE-2018-4263,CVE-2018-4264,CVE-2018-4265,CVE-2018-4267,CVE-2018-4272 |
| WebKit | Processing maliciously crafted web content may lead to an unexpected Safari crash | Multiple memory corruption issues were addressed with improved input validation. | CVE-2018-4271,CVE-2018-4273 |
| WebKit Page Loading | Visiting a malicious website may lead to address bar spoofing | An inconsistent user interface issue was addressed with improved state management. | CVE-2018-4260 |
| Wi-Fi | A malicious application may be able to break out of its sandbox | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4275 |
TVOs
| Component | Description | Impact | CVE |
|---|---|---|---|
| CFNetwork | Cookies may unexpectedly persist in Safari | A cookie management issue was addressed with improved checks. | CVE-2018-4293 |
| Kernel | A local user may be able to read kernel memory | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. | CVE-2018-4282 |
| libxpc | An application may be able to gain elevated privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4280 |
| libxpc | A malicious application may be able to read restricted memory | An out-of-bounds read was addressed with improved input validation. | CVE-2018-4248 |
| LinkPresentation | Visiting a malicious website may lead to address bar spoofing | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. | CVE-2018-4277 |
| WebKit | Processing maliciously crafted web content may lead to an unexpected Safari crash | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4270 |
| WebKit | A malicious website may exfiltrate audio data cross-origin | Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. | CVE-2018-4278 |
| WebKit | Processing maliciously crafted web content may lead to arbitrary code execution | A type confusion issue was addressed with improved memory handling. | CVE-2018-4284 |
| WebKit | A malicious website may be able to cause a denial of service | A race condition was addressed with additional validation. | CVE-2018-4266 |
| WebKit | Processing maliciously crafted web content may lead to arbitrary code execution | Multiple memory corruption issues were addressed with improved memory handling. | CVE-2018-4261,CVE-2018-4262,CVE-2018-4263,CVE-2018-4264,CVE-2018-4265,CVE-2018-4267,CVE-2018-4272 |
| WebKit | Processing maliciously crafted web content may lead to an unexpected Safari crash | Multiple memory corruption issues were addressed with improved input validation. | CVE-2018-4271,CVE-2018-4273 |
WatchOS
| Component | Models | Description | Impact | CVE |
|---|---|---|---|---|
| CFNetwork | All Apple Watch models | Cookies may unexpectedly persist in Safari | A cookie management issue was addressed with improved checks. | CVE-2018-4293 |
| Emoji | All Apple Watch models | Processing an emoji under certain configurations may lead to a denial of service | A denial of service issue was addressed with improved memory handling. | CVE-2018-4290 |
| Kernel | All Apple Watch models | A local user may be able to read kernel memory | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. | CVE-2018-4282 |
| libxpc | All Apple Watch models | An application may be able to gain elevated privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4280 |
| libxpc | All Apple Watch models | A malicious application may be able to read restricted memory | An out-of-bounds read was addressed with improved input validation. | CVE-2018-4248 |
| LinkPresentation | All Apple Watch models | Visiting a malicious website may lead to address bar spoofing | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. | CVE-2018-4277 |
| WebKit | All Apple Watch models | Processing maliciously crafted web content may lead to an unexpected Safari crash | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4270 |
| WebKit | All Apple Watch models | Processing maliciously crafted web content may lead to arbitrary code execution | A type confusion issue was addressed with improved memory handling. | CVE-2018-4284 |
| WebKit | All Apple Watch models | A malicious website may be able to cause a denial of service | A race condition was addressed with additional validation. | CVE-2018-4266 |
| WebKit | All Apple Watch models | Processing maliciously crafted web content may lead to arbitrary code execution | Multiple memory corruption issues were addressed with improved memory handling. | CVE-2018-4262,CVE-2018-4264,CVE-2018-4272 |
| WebKit | All Apple Watch models | Processing maliciously crafted web content may lead to an unexpected Safari crash | Multiple memory corruption issues were addressed with improved input validation. | CVE-2018-4271,CVE-2018-4273 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|
Keywords:
0 comment(s)
My next class:
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
×
![modal content]()
Diary Archives
Comments