Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.0967
macOS High Sierra 10.13.4, Security Update 2018-002 Sierra,
and Security Update 2018-002 El Capitan
3 April 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: High Sierra
Publisher: Apple
Operating System: Mac OS
Impact/Access: Root Compromise -- Remote with User Interaction
Execute Arbitrary Code/Commands -- Console/Physical
Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Unauthorised Access -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2018-4176 CVE-2018-4175 CVE-2018-4174
CVE-2018-4170 CVE-2018-4167 CVE-2018-4166
CVE-2018-4160 CVE-2018-4158 CVE-2018-4157
CVE-2018-4156 CVE-2018-4155 CVE-2018-4154
CVE-2018-4152 CVE-2018-4151 CVE-2018-4150
CVE-2018-4144 CVE-2018-4143 CVE-2018-4142
CVE-2018-4139 CVE-2018-4138 CVE-2018-4136
CVE-2018-4135 CVE-2018-4132 CVE-2018-4131
CVE-2018-4115 CVE-2018-4112 CVE-2018-4111
CVE-2018-4108 CVE-2018-4107 CVE-2018-4106
CVE-2018-4105 CVE-2018-4104 CVE-2017-13890
CVE-2017-8816
Reference: ESB-2018.0965
ESB-2018.0964
ESB-2018.0963
ESB-2017.3058
ESB-2017.3040
ESB-2017.3037.2
Original Bulletin:
https://support.apple.com/en-au/HT208692
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-3-29-5 macOS High Sierra 10.13.4, Security Update
2018-002 Sierra, and Security Update 2018-002 El Capitan
Admin Framework
Available for: macOS High Sierra 10.13.3
Impact: Passwords supplied to sysadminctl may be exposed to other
local users
Description: The sysadminctl command-line tool required that
passwords be passed to it in its arguments, potentially exposing the
passwords to other local users. This update makes the password
parameter optional, and sysadminctl will prompt for the password if
needed.
CVE-2018-4170: an anonymous researcher
APFS
Available for: macOS High Sierra 10.13.3
Impact: An APFS volume password may be unexpectedly truncated
Description: An injection issue was addressed through improved input
validation.
CVE-2018-4105: David J Beitey (@davidjb_), Geoffrey Bugniot
ATS
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.3
Impact: Processing a maliciously crafted file might disclose user
information
Description: A validation issue existed in the handling of symlinks.
This issue was addressed through improved validation of symlinks.
CVE-2018-4112: Haik Aftandilian of Mozilla
CFNetwork Session
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel Gro=C3=9F (@5aelo)
CoreFoundation
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4155: Samuel Gro=C3=9F (@5aelo)
CVE-2018-4158: Samuel Gro=C3=9F (@5aelo)
CoreText
Available for: macOS High Sierra 10.13.3
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
CoreTypes
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: Processing a maliciously crafted webpage may result in the
mounting of a disk image
Description: A logic issue was addressed with improved restrictions.
CVE-2017-13890: Apple, Theodor Ragnar Gislason of Syndis
curl
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: Multiple issues in curl
Description: An integer overflow existed in curl. This issue was
addressed through improved bounds checking.
CVE-2017-8816: an anonymous researcher
Disk Images
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.3
Impact: Mounting a malicious disk image may result in the launching
of an application
Description: A logic issue was addressed with improved validation.
CVE-2018-4176: Theodor Ragnar Gislason of Syndis
Disk Management
Available for: macOS High Sierra 10.13.3
Impact: An APFS volume password may be unexpectedly truncated
Description: An injection issue was addressed through improved input
validation.
CVE-2018-4108: Kamatham Chaitanya of ShiftLeft Inc., an anonymous
researcher
File System Events
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4167: Samuel Gro=C3=9F (@5aelo)
iCloud Drive
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4151: Samuel Gro=C3=9F (@5aelo)
Intel Graphics Driver
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4132: Axis and pjf of IceSword Lab of Qihoo 360
IOFireWireFamily
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4135: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
Kernel
Available for: macOS High Sierra 10.13.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher
Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.3
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4143: derrek (@derrekr6)
Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2018-4136: Jonas Jensen of lgtm.com and Semmle
Kernel
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2018-4160: Jonas Jensen of lgtm.com and Semmle
kext tools
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.3
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A logic issue existed resulting in memory corruption.
This was addressed with improved state management.
CVE-2018-4139: Ian Beer of Google Project Zero
LaunchServices
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.3
Impact: A maliciously crafted application may be able to bypass code
signing enforcement
Description: A logic issue was addressed with improved validation.
CVE-2018-4175: Theodor Ragnar Gislason of Syndis
Mail
Available for: macOS High Sierra 10.13.3
Impact: An attacker in a privileged network position may be able to
exfiltrate the contents of S/MIME-encrypted e-mail
Description: An issue existed in the handling of S/MIME HTML e-mail.
This issue was addressed by not loading remote resources on S/MIME
encrypted messages by default if the message has an invalid or
missing S/MIME signature.
CVE-2018-4111: an anonymous researcher
Mail
Available for: macOS High Sierra 10.13.3
Impact: An attacker in a privileged network position may be able to
intercept the contents of S/MIME-encrypted e-mail
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4174: an anonymous researcher, an anonymous researcher
Notes
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4152: Samuel Gro=C3=9F (@5aelo)
NSURLSession
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4166: Samuel Gro=C3=9F (@5aelo)
NVIDIA Graphics Drivers
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4138: Axis and pjf of IceSword Lab of Qihoo 360
PDFKit
Available for: macOS High Sierra 10.13.3
Impact: Clicking a URL in a PDF may visit a malicious website
Description: An issue existed in the parsing of URLs in PDFs. This
issue was addressed through improved input validation.
CVE-2018-4107: an anonymous researcher
PluginKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4156: Samuel Gro=C3=9F (@5aelo)
Quick Look
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4157: Samuel Gro=C3=9F (@5aelo)
Security
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)
Storage
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional
validation.
CVE-2018-4154: Samuel Gro=C3=9F (@5aelo)
System Preferences
Available for: macOS High Sierra 10.13.3
Impact: A configuration profile may incorrectly remain in effect
after removal
Description: An issue existed in CFPreferences. This issue was
addressed through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera
Terminal
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.3
Impact: Pasting malicious content may lead to arbitrary command
execution spoofing
Description: A command injection issue existed in the handling of
Bracketed Paste Mode. This issue was addressed through improved
validation of special characters.
CVE-2018-4106: Simon Hosie
WindowServer
Available for: macOS High Sierra 10.13.3
Impact: An unprivileged application may be able to log keystrokes
entered into other applications even when secure input mode is
enabled
Description: By scanning key states, an unprivileged application
could log keystrokes entered into other applications even when secure
input mode was enabled. This issue was addressed by improved state
management.
CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH
Installation note:
macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and
Security Update 2018-002 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9Gl4pHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbLsBAA
ulM5yGdq+lKTJ1XYrVVdH9k5QStzg551Ss0sHS84bC6p5AzSh+mFHITJDKyF3H+M
To0SoSwzdHrEmXNZ2LPAz9C0h9FSFh4AAhz3Fng4Qbd4L+Q+MypPnrpVZIMO9Iy8
srwJzbpa3LQ9Nq6NGmTD68wTyN2hjdcIc/ifsBev71HGx695Axr9tEV4PBzXyhZE
aZpUBc1e7PvDzLh4VjVRRfk591zRjzEGWuZH/1kbwmFuIBqb3BCaL6MQ4sFZUPw9
L26Q/RrFDA9KMb2P0K1EA2kTEoqAu51d31SgSGe8AskUdPaVE33juxXGde3LT+5F
OdfZ4iDc7MB808CU7aauzsed0DgYUPnenphj/+iIsZm//8fUt2YKCHT48uS8mjBp
W2rClecQ3J+nz3hmvoR5/tvJ2QsiZtir2CsGbZ7nLhxaNu098yJ22fQPpJeHy0pr
CIgp5qsNs0Qej7VOkjFWWPBvKwDYhnTInR8tHSHtxyUiG+voLGnMXKv94kPqMhUZ
Byhosi55N9wGEmAhHmjFr71E8H4gU1ZbKQo0UYulnXd22vzBWrPX5BQW9F0xLSMT
6mbkCh3gSWyVvhcCbQ/v3ajWoaC4ZyyUllLgpSZgr5bFt9YJGAVLngRX47oI27uS
8tPmXxjKq86HBH8Otmicu/yb9qf5d3lb/TwMawbH/iU=3D
=3DXshl
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWsMQy4x+lLeg9Ub1AQgCkw//Tws/ilBCzoUXgs59zRyj3G1Sh8iBiTQ6
9GZHS0V93WXeGl1o/jcNUTR2R3r1/9gI6TYotQ+BRgIveQU/j1zl8IJ5gF8eOwAF
NvhjBpZDEy+kXqNGA/L/Kw0TIeATfO11tNjYMAplYFewySuepr8lfBCM78HQdT+V
fhEEev1WTWrtTdnCX84VPLz4LUry8XIR9KT+sUVER4duPHse+SexJYx6cWYDZ0SN
ilemuRzXp9VLtCHuaV7iXx9HPHX8aRSGh7+FB52Cm2XtwdNdX3ib0AuwlDTnaaNF
4v4TrmVqPyRhIRL02kU4+Ps6XjeFBIZFRZPZngKmWP3p2YBQgezQ7G3JL0WDZbvs
elFjVDFWi/YKkvL1idkp4PHDqyM07mGeouDr8GmP9wEj/DhW58C6rkpvsRogjyal
a3tukUFwyykXsixzG5h5D4tehX6lTTXpgQ5OwJmCsOo19xaAm8Pz1q8T+o1r3oXb
MPhGfN+EaIQpOVAgfB3Pp+uSAhV0hLH+R3DfS/ieueg+FakfFVli2JeJNlnslnyA
GrhG+qYK9WS/ENOGFVIRfOj4RIwm0eyg2McQ094Z4iFG7neGYR/iuo1AN5Y7u2Qb
JGmWHw6GFyO1LIThUb7fBDgME/k9YdHOkrjvlphn4nBuEODvx87Yp6DqoebbzLox
LJVOf3I2QBk=
=0vAl
-----END PGP SIGNATURE-----