ESB-2018.0237 - [OSX] Apple MacOS: Multiple vulnerabilities 2018-01-24


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0237
       Multiple vulnerabilities have been identified in Apple MacOS
                              24 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple MacOS
Publisher:         Apple
Operating System:  OS X
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Privileged Data          -- Existing Account            
                   Denial of Service               -- Remote/Unauthenticated      
                   Provide Misleading Information  -- Remote with User Interaction
                   Unauthorised Access             -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-4100 CVE-2018-4098 CVE-2018-4097
                   CVE-2018-4096 CVE-2018-4094 CVE-2018-4093
                   CVE-2018-4092 CVE-2018-4091 CVE-2018-4090
                   CVE-2018-4089 CVE-2018-4088 CVE-2018-4086
                   CVE-2018-4085 CVE-2018-4084 CVE-2018-4082
                   CVE-2017-8817 CVE-2017-5754 

Reference:         ASB-2018.0009
                   ESB-2018.0236
                   ESB-2018.0233
                   ESB-2018.0226
                   ASB-2018.0002.4

Original Bulletin: 
   https://support.apple.com/en-au/HT208465

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3,
Security Update 2018-001 Sierra,
and Security Update 2018-001 El Capitan

macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and
Security Update 2018-001 El Capitan are now available and address
the following:

Audio
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4094: Mingi Cho, MinSik Shin, Seoyoung Kim, Yeongho Lee and
Taekyoung Kwon of the Information Security Lab, Yonsei University

curl
Available for: macOS High Sierra 10.13.2
Impact: Multiple issues in curl
Description: An out-of-bounds read issue existed in curl. This
issue was addressed through improved bounds checking.
CVE-2017-8817: found by OSS-Fuzz

IOHIDFamily
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6,
OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4098: Siguza

Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read kernel memory (Meltdown)
Description: Systems with microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized
disclosure of information to an attacker with local user access via
a side-channel analysis of the data cache.
CVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of
Graz University of Technology; Michael Schwarz of Graz University of
Technology; Daniel Gruss of Graz University of Technology;
Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus
Technology GmbH; Stefan Mangard of Graz University of Technology;
Paul Kocher; Daniel Genkin of University of Pennsylvania and
University of Maryland; Yuval Yarom of University of Adelaide and
Data61; and Mike Hamburg of Rambus (Cryptography Research Division)

Kernel
Available for: macOS High Sierra 10.13.2
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2018-4090: Jann Horn of Google Project Zero

Kernel
Available for: macOS High Sierra 10.13.2
Impact: An application may be able to read restricted memory
Description: A race condition was addressed through improved locking.
CVE-2018-4092: an anonymous researcher

Kernel
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6,
OS X El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4082: Russ Cox of Google

Kernel
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2018-4097: Resecurity, Inc.

Kernel
Available for: macOS High Sierra 10.13.2
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4093: Jann Horn of Google Project Zero

LinkPresentation
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6.2
Impact: Processing a maliciously crafted text message may lead to
application denial of service
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-2018-4100: Abraham Masri (@cheesecakeufo)

QuartzCore
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6,
OS X El Capitan 10.11.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
web content. This issue was addressed through improved input
validation.
CVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day
Initiative

Sandbox
Available for: macOS High Sierra 10.13.2
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed through additional sandbox
restrictions.
CVE-2018-4091: Alex Gaynor of Mozilla

Security
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6
Impact: A certificate may have name constraints applied incorrectly
Description: A certificate evaluation issue existed in the handling
of name constraints. This issue was addressed through improved trust
evaluation of certificates.
CVE-2018-4086: Ian Haken of Netflix

WebKit
Available for: macOS High Sierra 10.13.2
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4088: Jeonghoon Shin of Theori
CVE-2018-4089: Ivan Fratric of Google Project Zero
CVE-2018-4096: found by OSS-Fuzz

Wi-Fi
Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6,
OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4084: Hyung Sup Lee of Minionz, You Chan Lee of Hanyang
University

Installation note:

macOS High Sierra 10.13.3, Security Update 2018-001 Sierra,
and Security Update 2018-001 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----
