ESB-2018.1987 - [Mac] macOS: Multiple vulnerabilities 2018-07-10

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1987
        macOS High Sierra 10.13.6, Security Update 2018-004 Sierra,
                    Security Update 2018-004 El Capitan
                               10 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Root Compromise                -- Existing Account            
                   Access Privileged Data         -- Existing Account            
                   Provide Misleading Information -- Remote with User Interaction
                   Unauthorised Access            -- Existing Account            
                   Reduced Security               -- Unknown/Unspecified         
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-4293 CVE-2018-4289 CVE-2018-4285
                   CVE-2018-4283 CVE-2018-4280 CVE-2018-4277
                   CVE-2018-4269 CVE-2018-4268 CVE-2018-4248
                   CVE-2018-4178 CVE-2018-3665 

Original Bulletin: 
   https://support.apple.com/en-au/HT208937

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update
2018-004 Sierra, Security Update 2018-004 El Capitan

macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and
Security Update 2018-004 El Capitan are now available and address
the following:

AMD
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2018-4289: shrek_wzw of Qihoo 360 Nirvan Team

APFS
Available for: macOS High Sierra 10.13.5
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4268: Mac working with Trend Micro's Zero Day Initiative

ATS
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to gain root privileges
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2018-4285: Mohamed Ghannam (@_simo36)

CFNetwork
Available for: macOS High Sierra 10.13.5
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue was addressed with improved
checks.
CVE-2018-4293: an anonymous researcher

CoreCrypto
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4269: Abraham Masri (@cheesecakeufo)

DesktopServices
Available for: macOS Sierra 10.12.6
Impact: A local user may be able to view sensitive user information
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed with improved
permission validation.
CVE-2018-4178: Arjen Hendrikse

IOGraphics
Available for: macOS High Sierra 10.13.5
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed with improved input
validation.
CVE-2018-4283: @panicaII working with Trend Micro's Zero Day
Initiative

Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.5
Impact: Systems using Intel® Core-based microprocessors may
potentially allow a local process to infer data utilizing Lazy FP
state restore from another process through a speculative execution
side channel
Description: Lazy FP state restore instead of eager save and restore
of the state upon a context switch. Lazy restored states are
potentially vulnerable to exploits where one process may infer
register values of other processes through a speculative execution
side channel that infers their value.

An information disclosure issue was addressed with FP/SIMD register
state sanitization.
CVE-2018-3665: Julian Stecklina of Amazon Germany, Thomas Prescher of
Cyberus Technology GmbH (cyberus-technology.de), Zdenek Sojka of
SYSGO AG (sysgo.com), and Colin Percival

libxpc
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.5
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4280: Brandon Azad

libxpc
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4248: Brandon Azad

LinkPresentation
Available for: macOS High Sierra 10.13.5
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed with improved input validation.
CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)

Additional recognition

Help Viewer
We would like to acknowledge Wojciech Regula (@_r3ggi) of SecuRing
for their assistance.

Help Viewer
We would like to acknowledge Wojciech Regula (@_r3ggi) of SecuRing
for their assistance.

Help Viewer
We would like to acknowledge Wojciech Regula (@_r3ggi) of SecuRing
for their assistance.

Help Viewer
We would like to acknowledge Wojciech Regula (@_r3ggi) of SecuRing
for their assistance.

Kernel
We would like to acknowledge juwei lin (@panicaII) of Trend Micro
working with Trend Micro's Zero Day Initiative for their
assistance.

Security
We would like to acknowledge Brad Dahlsten of Iowa State University
for their assistance.

Installation note:

macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and
Security Update 2018-004 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltDyFIpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQ8ecVjteJiCYjTxAA
o5FZCAbCUKeJg2B51qvpra/F/lZRam+p/SML93i8FfferCJwm/8L1rNB6HMWNMLQ
GaP4RYuCL2MS2fcmxUX+UkM29O3hilMMqp0xDbR5A0qf8gMglJ6He0fH8v2kg1Ta
NgT2lvwuhbAgaix7cl6zTgOZpXTz7sbihUcdfkSliJV05xwJjCtjiJB/9c7VylQ3
f4ZYDtBpYJbAoD2l68DmQqUN398lJbdv4zjJRYgbZNeCxtKS6ejhuvwGNLTSaBdP
ukaLRMJeq2hfI7ZMeNOc5b6TyDrPmsTYjyAqsaOfT44M6OtmsbP+PzNRao3VceEt
Lr/AObtxnBlTvyTytkV1tbSTfSzTI+1nVPyXwTFoS8Tq5mhTmxNd+NFO0phAqWYm
G3QkOqcSnenMf/mcP2T/wTCCxV5wxbhdKZUVJiCvppBDbbmgLrjh3SDxC2Oipb8z
2+LTVP5WTcp1zBPXmOFQ0eChq5oP5QDSCwv3f/CW9c9PR6bkNfVIY72vpZL1mBQH
R2pUWRC+HBJfoTnbKut4X6A0i5AM0BiZ57LQgUfAVUHhJHn1LLgAWZh532WSUMXA
HNmPzfS77sDM9rlwm7t+UMmYtolScYmj/g1d67o7R0X1Ga7/0L3fdd3Tl2pvDdr1
EZ5vqkVl6IwWJYq3V502ZQ+Otqt97CmqXcPiqjcvb+M=
=u5r+
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW0P2e2aOgq3Tt24GAQgCtA/+NsPUeqyADMBsX5fkh3LpDkvGfWwQ1+8R
Bh+CLA2lJgJkey23CjGlyOfdFfJqzdENETBi2LAB65/6HZKW3JAh4CAPt+XSFTwl
FqVXOSugMZseOYXQlVc5wgEjY99Ec7UvQhfSTVj3rXgyNe0jrJrFG5XSklWQHD3d
aPuqJfJKIH4YLjMXg6pKtzwVevShLUh/RKhqUkA5Bq1kJrNO6oaOi3mv0YWAA0mD
DA3ElFTkDjQaQhtsKr0+Jc6gLpaq0FYv+e73r6qJCSLLE3CVZybNgUN8TkR2gHmR
2gcNhmMnz9tVVC671tFWt9Bv99Fz7dnlUWepJVIV/5EJ4bIcE5uHV1BGQ5bpR/c6
bA/YIMPhRYMOwN3mhsyM44+8BuSBVhqCLsrTpTR243BJMLKKtSdZ/rWgZXY5bT17
Uz5dtO6kAsbVKMC9hEsszn3BmURrmWOL2nHULRjegJj9wdZydATaGxLY9rxbojB0
l0LJhEV/Rrcr3IMVZQP11XDeWpg61TdefiwFaM8hmcEEL/jYhdQsplAHMpppGw33
4ttzVYc/2PjTrSmVFr4M0VZRE3MiwC+nXVM7HWZ6IlLOIcCwBHat1RPYlQ6WlUQp
zr1q4k3pQ11QStukaht/G8cmFxhqzGISO/T97cNkwo+5NkJiuowYrdPEmALaPhiP
35GACW1HNcA=
=5bDG
-----END PGP SIGNATURE-----

« Back to bulletins