lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 30 Oct 2018 11:58:00 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1,
 Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001
High Sierra, Security Update 2018-005 Sierra

macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and
Security Update 2018-005 Sierra are now available and address
the following:

afpserver
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A remote attacker may be able to attack AFP servers through
HTTP clients
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC
Berkeley

AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4410: an anonymous researcher working with Trend Micro's
Zero Day Initiative

AppleGraphicsControl
Available for: macOS High Sierra 10.13.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4417: Lee of the Information Security Lab Yonsei University
working with Trend Micro's Zero Day Initiative

APR
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: Multiple buffer overflow issues existed in Perl
Description: Multiple issues in Perl were addressed with improved
memory handling.
CVE-2017-12613: Craig Young of Tripwire VERT
CVE-2017-12618: Craig Young of Tripwire VERT

ATS
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend
Micro's Zero Day Initiative

ATS
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4308: Mohamed Ghannam (@_simo36)

CFNetwork
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative

CoreAnimation
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4415: Liang Zhuo working with Beyond Security's SecuriTeam
Secure Disclosure

CoreCrypto
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An attacker may be able to exploit a weakness in the
Miller-Rabin primality test to incorrectly identify prime numbers
Description: An issue existed in the method for determining prime
numbers. This issue was addressed by using pseudorandom bases for
testing of primes.
CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of
Royal Holloway, University of London, and Juraj Somorovsky of Ruhr
University, Bochum

CoreFoundation
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)

CUPS
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: In certain configurations, a remote attacker may be able to
replace the message content from the print server with arbitrary
content
Description: An injection issue was addressed with improved
validation.
CVE-2018-4153: Michael Hanselmann of hansmi.ch

CUPS
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4406: Michael Hanselmann of hansmi.ch

Dictionary
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: Parsing a maliciously crafted dictionary file may lead to
disclosure of user information
Description: A validation issue existed which allowed local file
access. This was addressed with input sanitization.
CVE-2018-4346: Wojciech Reguła (@_r3ggi) of SecuRing

Dock
Available for: macOS Mojave 10.14
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed by removing additional
entitlements.
CVE-2018-4403: Patrick Wardle of Digita Security

dyld
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2018-4423: an anonymous researcher

EFI
Available for: macOS High Sierra 10.13.6
Impact: Systems with microprocessors utilizing speculative execution
and speculative execution of memory reads before the addresses of all
prior memory writes are known may allow unauthorized disclosure of
information to an attacker with local user access via a side-channel
analysis
Description: An information disclosure issue was addressed with a
microcode update. This ensures that older data read from
recently-written-to addresses cannot be read via a speculative
side-channel.
CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken
Johnson of the Microsoft Security Response Center (MSRC)

EFI
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14
Impact: A local user may be able to modify protected parts of the
file system
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4342: Timothy Perfitt of Twocanoes Software

Foundation
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)

Grand Central Dispatch
Available for: macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad

Heimdal
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4331: Brandon Azad

Hypervisor
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: Systems with microprocessors utilizing speculative execution
and address translations may allow unauthorized disclosure of
information residing in the L1 data cache to an attacker with local
user access with guest OS privilege via a terminal page fault and a
side-channel analysis
Description: An information disclosure issue was addressed by
flushing the L1 data cache at the virtual machine entry.
CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas
F. Wenisch of University of Michigan, Mark Silberstein and Marina
Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens
of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu
of Intel Corporation, Yuval Yarom of The University of Adelaide

Hypervisor
Available for: macOS Sierra 10.12.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team

ICU
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4394: an anonymous researcher

Intel Graphics Driver
Available for: macOS Sierra 10.12.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4334: Ian Beer of Google Project Zero

Intel Graphics Driver
Available for: macOS High Sierra 10.13.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4396: Yu Wang of Didi Research America
CVE-2018-4418: Yu Wang of Didi Research America

Intel Graphics Driver
Available for: macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4350: Yu Wang of Didi Research America

IOGraphics
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4422: an anonymous researcher working with Trend Micro's
Zero Day Initiative

IOHIDFamily
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero

IOKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4402: Proteas of Qihoo 360 Nirvan Team

IOKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero

IOUserEthernet
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple

IPSec
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group

Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2018-4420: Mohamed Ghannam (@_simo36)

Kernel
Available for: macOS High Sierra 10.13.6
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls. This
issue was addressed with additional restrictions.
CVE-2018-4399: Fabiano Anemone (@anoane)

Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4419: Mohamed Ghannam (@_simo36)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative

Kernel
Available for: macOS Sierra 10.12.6
Impact: Mounting a maliciously crafted NFS network share may lead to
arbitrary code execution with system privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com

Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security
Team

Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.

Kernel
Available for: macOS Mojave 10.14
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4424: Dr. Silvio Cesare of InfoSect

Login Window
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A local user may be able to cause a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of
MWR InfoSecurity

Mail
Available for: macOS Mojave 10.14
Impact: Processing a maliciously crafted mail message may lead to UI
spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4389: Dropbox Offensive Security Team, Theodor Ragnar
Gislason of Syndis

mDNSOffloadUserClient
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4326: an anonymous researcher working with Trend Micro's
Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team

MediaRemote
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs

Microcode
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Systems with microprocessors utilizing speculative execution
and that perform speculative reads of system registers may allow
unauthorized disclosure of system parameters to an attacker with
local user access via a side-channel analysis
Description: An information disclosure issue was addressed with a
microcode update. This ensures that implementation specific system
registers cannot be leaked via a speculative execution side-channel.
CVE-2018-3640: Innokentiy Sennovskiy from BiZone LLC (bi.zone),
Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (sysgo.com)

NetworkExtension
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14
Impact: Connecting to a VPN server may leak DNS queries to a DNS
proxy
Description: A logic issue was addressed with improved state
management.
CVE-2018-4369: an anonymous researcher

Perl
Available for: macOS Sierra 10.12.6
Impact: Multiple buffer overflow issues existed in Perl
Description: Multiple issues in Perl were addressed with improved
memory handling.
CVE-2018-6797: Brian Carpenter

Ruby
Available for: macOS Sierra 10.12.6
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple issues in Ruby were addressed in this update.
CVE-2017-898
CVE-2017-10784
CVE-2017-14033
CVE-2017-14064
CVE-2017-17405
CVE-2017-17742
CVE-2018-6914
CVE-2018-8777
CVE-2018-8778
CVE-2018-8779
CVE-2018-8780

Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Processing a maliciously crafted S/MIME signed message may
lead to a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd.

Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security

Spotlight
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4393: Lufeng Li

Symptom Framework
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative

WiFi
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile
Networking Lab at Technische Universität Darmstadt

Additional recognition

Calendar
We would like to acknowledge an anonymous researcher for their
assistance.

iBooks
We would like to acknowledge Sem Voigtländer of Fontys Hogeschool 
ICT for their assistance.

Kernel
We would like to acknowledge Brandon Azad for their assistance.

LaunchServices
We would like to acknowledge Alok Menghrajani of Square for their
assistance.

Quick Look
We would like to acknowledge lokihardt of Google Project Zero for
their assistance.

Security
We would like to acknowledge Marinos Bernitsas of Parachute for their
assistance.

Terminal
We would like to acknowledge an anonymous researcher for their
assistance.

Installation note:

macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and
Security Update 2018-005 Sierra may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EcGQ//
QbUbTOZRgxcStGZjs+qdXjeaXI6i1MKaky7o/iYCXf87crFu79PCsXyPU1jeMvoS
tgDxz7ornlyaxR4wcSYzfcuIeY2ZH+dkxc7JJHQbKTW1dWYHpXUUzzNm+Ay/Gtk+
2EIAgJ9oUf8FARR5cmcKBZfLFVdc40vpM3bBCV4m2Kr5KiDsqZKdZTujBQRccAsO
HKRbhDecw0WX/CfEbLprs86uIXFMIoifhmh8LMebjzIQn2ozoFG6R31vMMHeDpir
zf0xlVCJrJy/XywmkodhBWWrUWcM0hfsJ8EmyIBwFEYUxFhOV3D+x3rStd2kjyNL
LG9oWclxDkjImQXdrL8IRAQfZvcVQFZK2vSGCYfRN0LY105sxjPjeIsJ0RORzcSN
2mlDR1UuTosk0GleDbmhv/ornfOc537UebwuHVWU5LpPNFkvY1Cv8zPrQAHewuod
TmktkNuv2x2fgw9g7ntE88UBF9JMC+Ofs/FgJ67RkoT4R39P7VvaztHlmxmr/rIw
TrSs7TDVqciz+DOMRKxyNPI1cpXM5ITCTvgbY4+RWwaFJzfgY+Gc+sldvVcb1x9I
LlsI19MA0bsvi+ReOcLbWYuEHaVhVqZ7LndxR9m2gJ39L9jff+dOsSlznF4OLs+S
t7Rz6i2mOpe6vXobkTUmml3m3zYIhL3XcdcYpw3U0F8=
=uhgi
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists