ESB-2018.0968 - [OSX] Safari : Multiple vulnerabilities 2018-04-03


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0968
                                Safari 11.1
                               3 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Safari
Publisher:         Apple
Operating System:  OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-4165 CVE-2018-4163 CVE-2018-4162
                   CVE-2018-4161 CVE-2018-4146 CVE-2018-4137
                   CVE-2018-4133 CVE-2018-4130 CVE-2018-4129
                   CVE-2018-4128 CVE-2018-4127 CVE-2018-4125
                   CVE-2018-4122 CVE-2018-4121 CVE-2018-4120
                   CVE-2018-4119 CVE-2018-4118 CVE-2018-4117
                   CVE-2018-4116 CVE-2018-4114 CVE-2018-4113
                   CVE-2018-4102 CVE-2018-4101 

Reference:         ESB-2018.0965
                   ESB-2018.0964
                   ESB-2018.0963

Original Bulletin: 
   https://support.apple.com/en-au/HT208695

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-3-29-6 Safari 11.1

Safari 11.1 is now available and addresses the following:

Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4102: Kai Zhao of 3H security team
CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab
(tencent.com)

Safari Login AutoFill
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari without explicit user interaction.
Description: Safari autofill did not require explicit user
interaction before taking place. The issue was addressed through
improved autofill heuristics.
CVE-2018-4137:

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
CVE-2018-4114: found by OSS-Fuzz
CVE-2018-4118: Jun Kokatsu (@shhnjk)
CVE-2018-4119: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
CVE-2018-4121: Natalie Silvanovich of Google Project Zero
CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4127: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2018-4128: Zach Markley
CVE-2018-4129: likemeng of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative
CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative
CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Unexpected interaction with indexing types causing an ASSERT
failure
Description: An array indexing issue existed in the handling of a
function in javascript core. This issue was addressed through
improved checks.
CVE-2018-4113: found by OSS-Fuzz

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Visiting a maliciously crafted website may lead to a
cross-site scripting attack
Description: A cross-site scripting issue existed in Safari. This
issue was addressed with improved URL validation.
CVE-2018-4133: Anton Lopanitsyn of Wallarm, Linus Särud of Detectify
(detectify.com), Yuji Tounai of NTT Communications Corporation

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Processing maliciously crafted web content may lead to a
denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4146: found by OSS-Fuzz

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with the fetch API. This
was addressed through improved input validation.
CVE-2018-4117: an anonymous researcher, an anonymous researcher

Additional recognition

WebKit
We would like to acknowledge Johnny Nipper of Tinder Security Team
for their assistance.

Installation note:

Safari 11.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----
