
SANS ISC: Apple Patches Everything Again. - Internet Security | DShield SANS ISC InfoSec Forums


Apple Patches Everything Again.

As usual for Apple patches, the vulnerabilities tend to affect all or most Apple operating systems. One notable security issue that was addressed, but is not listed here, is the "USB accessory unlock" issue. This allowed systems like Greylock to unlock phones by brute-forcing the passcode via the Lightning port / USB. iOS 11.4.1 only allows USB devices to connect within 1 hour after the phone/tablet is locked. This is enabled by default but can be disabled by the user. The OS X update also fixes the latest versions of Spectre.

Patch Overview Across Operating Systems / Devices

(For OSX/macOS, WebKit is fixed via a standalone Safari Update)

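| Component | CVE | OS X/macOS | iOS | watchOS | tvOS |
|---|---|---|---|---|---|
| LinkPresentation | CVE-2018-4277 | X | X | X | X |
| WebKit | CVE-2018-4273 | | X | X | X |
| libxpc | CVE-2018-4280 | X | X | X | X |
| WebKit | CVE-2018-4284 | | X | X | X |
| WebKit | CVE-2018-4263 | | X | | X |
| CoreCrypto | CVE-2018-4269 | X | | | |
| WebKit | CVE-2018-4265 | | X | | X |
| WebKit | CVE-2018-4267 | | X | | X |
| Kernel | CVE-2018-3665 | X | | | |
| Emoji | CVE-2018-4290 | | X | X | |
| WebKit | CVE-2018-4270 | | X | X | X |
| WebKit | CVE-2018-4261 | | X | | X |
| DesktopServices | CVE-2018-4178 | X | | | |
| Wi-Fi | CVE-2018-4275 | | X | | |
| WebKit | CVE-2018-4274 | | X | | |
| WebKit | CVE-2018-4278 | | X | | X |
| AMD | CVE-2018-4289 | X | | | |
| WebKit | CVE-2018-4266 | | X | X | X |
| ATS | CVE-2018-4285 | X | | | |
| WebKit | CVE-2018-4262 | | X | X | X |
| APFS | CVE-2018-4268 | X | | | |
| libxpc | CVE-2018-4248 | X | X | X | X |
| WebKit | CVE-2018-4272 | | X | X | X |
| IOGraphics | CVE-2018-4283 | X | | | |
| CFNetwork | CVE-2018-4293 | X | X | X | X |
| Kernel | CVE-2018-4282 | | X | X | X |
| WebKit Page Loading | CVE-2018-4260 | | X | | |
| WebKit | CVE-2018-4271 | | X | X | X |
| WebKit | CVE-2018-4264 | | X | X | X |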

OS X / macOS

| Component | macOS 10.13 | macOS 10.12 | OS X 10.11 | Description | Impact | CVE |
|---|---|---|---|---|---|---|
| AMD | x | | | A malicious application may be able to determine kernel memory layout | An information disclosure issue was addressed by removing the vulnerable code. | CVE-2018-4289 |
| APFS | x | | | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4268 |
| ATS | x | | | A malicious application may be able to gain root privileges | A type confusion issue was addressed with improved memory handling. | CVE-2018-4285 |
| CFNetwork | x | | | Cookies may unexpectedly persist in Safari | A cookie management issue was addressed with improved checks. | CVE-2018-4293 |
| CoreCrypto | | x | x | A malicious application may be able to break out of its sandbox | A memory corruption issue was addressed with improved input validation. | CVE-2018-4269 |
| DesktopServices | | x | | A local user may be able to view sensitive user information | A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. | CVE-2018-4178 |
| IOGraphics | x | | | A local user may be able to read kernel memory | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. | CVE-2018-4283 |
| Kernel | x | x | x | Systems using Intel Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel | Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value. | CVE-2018-3665 |
| libxpc | x | x | x | An application may be able to gain elevated privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4280 |
| libxpc | x | | | A malicious application may be able to read restricted memory | An out-of-bounds read was addressed with improved input validation. | CVE-2018-4248 |
| LinkPresentation | x | | | Visiting a malicious website may lead to address bar spoofing | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. | CVE-2018-4277 |

iOS

| Component | Details | Impact | CVE |
|---|---|---|---|
| CFNetwork | Cookies may unexpectedly persist in Safari | A cookie management issue was addressed with improved checks. | CVE-2018-4293 |
| Emoji | Processing an emoji under certain configurations may lead to a denial of service | A denial of service issue was addressed with improved memory handling. | CVE-2018-4290 |
| Kernel | A local user may be able to read kernel memory | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. | CVE-2018-4282 |
| libxpc | An application may be able to gain elevated privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4280 |
| libxpc | A malicious application may be able to read restricted memory | An out-of-bounds read was addressed with improved input validation. | CVE-2018-4248 |
| LinkPresentation | Visiting a malicious website may lead to address bar spoofing | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. | CVE-2018-4277 |
| WebKit | A malicious website may exfiltrate audio data cross-origin | Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. | CVE-2018-4278 |
| WebKit | A malicious website may be able to cause a denial of service | A race condition was addressed with additional validation. | CVE-2018-4266 |
| WebKit | Visiting a malicious website may lead to address bar spoofing | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. | CVE-2018-4274 |
| WebKit | Processing maliciously crafted web content may lead to an unexpected Safari crash | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4270 |
| WebKit | Processing maliciously crafted web content may lead to arbitrary code execution | A type confusion issue was addressed with improved memory handling. | CVE-2018-4284 |
| WebKit | Processing maliciously crafted web content may lead to arbitrary code execution | Multiple memory corruption issues were addressed with improved memory handling. | CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272 |
| WebKit | Processing maliciously crafted web content may lead to an unexpected Safari crash | Multiple memory corruption issues were addressed with improved input validation. | CVE-2018-4271, CVE-2018-4273 |
| WebKit Page Loading | Visiting a malicious website may lead to address bar spoofing | An inconsistent user interface issue was addressed with improved state management. | CVE-2018-4260 |
| Wi-Fi | A malicious application may be able to break out of its sandbox | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4275 |

tvOS

| Component | Description | Impact | CVE |
|---|---|---|---|
| CFNetwork | Cookies may unexpectedly persist in Safari | A cookie management issue was addressed with improved checks. | CVE-2018-4293 |
| Kernel | A local user may be able to read kernel memory | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. | CVE-2018-4282 |
| libxpc | An application may be able to gain elevated privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4280 |
| libxpc | A malicious application may be able to read restricted memory | An out-of-bounds read was addressed with improved input validation. | CVE-2018-4248 |
| LinkPresentation | Visiting a malicious website may lead to address bar spoofing | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. | CVE-2018-4277 |
| WebKit | Processing maliciously crafted web content may lead to an unexpected Safari crash | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4270 |
| WebKit | A malicious website may exfiltrate audio data cross-origin | Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. | CVE-2018-4278 |
| WebKit | Processing maliciously crafted web content may lead to arbitrary code execution | A type confusion issue was addressed with improved memory handling. | CVE-2018-4284 |
| WebKit | A malicious website may be able to cause a denial of service | A race condition was addressed with additional validation. | CVE-2018-4266 |
| WebKit | Processing maliciously crafted web content may lead to arbitrary code execution | Multiple memory corruption issues were addressed with improved memory handling. | CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272 |
| WebKit | Processing maliciously crafted web content may lead to an unexpected Safari crash | Multiple memory corruption issues were addressed with improved input validation. | CVE-2018-4271, CVE-2018-4273 |

watchOS

| Component | Models | Description | Impact | CVE |
|---|---|---|---|---|
| CFNetwork | All Apple Watch models | Cookies may unexpectedly persist in Safari | A cookie management issue was addressed with improved checks. | CVE-2018-4293 |
| Emoji | All Apple Watch models | Processing an emoji under certain configurations may lead to a denial of service | A denial of service issue was addressed with improved memory handling. | CVE-2018-4290 |
| Kernel | All Apple Watch models | A local user may be able to read kernel memory | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. | CVE-2018-4282 |
| libxpc | All Apple Watch models | An application may be able to gain elevated privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4280 |
| libxpc | All Apple Watch models | A malicious application may be able to read restricted memory | An out-of-bounds read was addressed with improved input validation. | CVE-2018-4248 |
| LinkPresentation | All Apple Watch models | Visiting a malicious website may lead to address bar spoofing | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. | CVE-2018-4277 |
| WebKit | All Apple Watch models | Processing maliciously crafted web content may lead to an unexpected Safari crash | A memory corruption issue was addressed with improved memory handling. | CVE-2018-4270 |
| WebKit | All Apple Watch models | Processing maliciously crafted web content may lead to arbitrary code execution | A type confusion issue was addressed with improved memory handling. | CVE-2018-4284 |
| WebKit | All Apple Watch models | A malicious website may be able to cause a denial of service | A race condition was addressed with additional validation. | CVE-2018-4266 |
| WebKit | All Apple Watch models | Processing maliciously crafted web content may lead to arbitrary code execution | Multiple memory corruption issues were addressed with improved memory handling. | CVE-2018-4262, CVE-2018-4264, CVE-2018-4272 |
| WebKit | All Apple Watch models | Processing maliciously crafted web content may lead to an unexpected Safari crash | Multiple memory corruption issues were addressed with improved input validation. | CVE-2018-4271, CVE-2018-4273 |

 

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute