-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0967
  macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security
                         Update 2018-002 El Capitan
                                3 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           High Sierra
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Root Compromise                 -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Console/Physical
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Unauthorised Access             -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-4176 CVE-2018-4175 CVE-2018-4174 CVE-2018-4170
                   CVE-2018-4167 CVE-2018-4166 CVE-2018-4160 CVE-2018-4158
                   CVE-2018-4157 CVE-2018-4156 CVE-2018-4155 CVE-2018-4154
                   CVE-2018-4152 CVE-2018-4151 CVE-2018-4150 CVE-2018-4144
                   CVE-2018-4143 CVE-2018-4142 CVE-2018-4139 CVE-2018-4138
                   CVE-2018-4136 CVE-2018-4135 CVE-2018-4132 CVE-2018-4131
                   CVE-2018-4115 CVE-2018-4112 CVE-2018-4111 CVE-2018-4108
                   CVE-2018-4107 CVE-2018-4106 CVE-2018-4105 CVE-2018-4104
                   CVE-2017-13890 CVE-2017-8816

Reference:         ESB-2018.0965
                   ESB-2018.0964
                   ESB-2018.0963
                   ESB-2017.3058
                   ESB-2017.3040
                   ESB-2017.3037.2

Original Bulletin:
   https://support.apple.com/en-au/HT208692

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-3-29-5 macOS High Sierra 10.13.4, Security Update 2018-002
Sierra, and Security Update 2018-002 El Capitan

Admin Framework
Available for: macOS High Sierra 10.13.3
Impact: Passwords supplied to sysadminctl may be exposed to other local
users
Description: The sysadminctl command-line tool required that passwords be
passed to it in its arguments, potentially exposing the passwords to
other local users. This update makes the password parameter optional,
and sysadminctl will prompt for the password if needed.
CVE-2018-4170: an anonymous researcher

APFS
Available for: macOS High Sierra 10.13.3
Impact: An APFS volume password may be unexpectedly truncated
Description: An injection issue was addressed through improved input
validation.
CVE-2018-4105: David J Beitey (@davidjb_), Geoffrey Bugniot

ATS
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High
Sierra 10.13.3
Impact: Processing a maliciously crafted file might disclose user
information
Description: A validation issue existed in the handling of symlinks.
This issue was addressed through improved validation of symlinks.
CVE-2018-4112: Haik Aftandilian of Mozilla

CFNetwork Session
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4166: Samuel Groß (@5aelo)

CoreFoundation
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High
Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4155: Samuel Groß (@5aelo)
CVE-2018-4158: Samuel Groß (@5aelo)

CoreText
Available for: macOS High Sierra 10.13.3
Impact: Processing a maliciously crafted string may lead to a denial of
service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH

CoreTypes
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: Processing a maliciously crafted webpage may result in the
mounting of a disk image
Description: A logic issue was addressed with improved restrictions.
CVE-2017-13890: Apple, Theodor Ragnar Gislason of Syndis

curl
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: Multiple issues in curl
Description: An integer overflow existed in curl. This issue was
addressed through improved bounds checking.
CVE-2017-8816: an anonymous researcher

Disk Images
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High
Sierra 10.13.3
Impact: Mounting a malicious disk image may result in the launching of an
application
Description: A logic issue was addressed with improved validation.
CVE-2018-4176: Theodor Ragnar Gislason of Syndis

Disk Management
Available for: macOS High Sierra 10.13.3
Impact: An APFS volume password may be unexpectedly truncated
Description: An injection issue was addressed through improved input
validation.
CVE-2018-4108: Kamatham Chaitanya of ShiftLeft Inc., an anonymous
researcher

File System Events
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4167: Samuel Groß (@5aelo)

iCloud Drive
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High
Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4151: Samuel Groß (@5aelo)

Intel Graphics Driver
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to execute arbitrary code with system
privileges
Description: A memory corruption issue was addressed with improved memory
handling.
CVE-2018-4132: Axis and pjf of IceSword Lab of Qihoo 360

IOFireWireFamily
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved memory
handling.
CVE-2018-4135: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
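The Admin Framework entry above (CVE-2018-4170) describes a problem class that is worth testing for in any privileged tool, not only sysadminctl: whatever a process carries in its argument list is readable by every local user through the process table, so a password passed as an argument is exposed for as long as the process runs. The POSIX shell script below is an added example written by the editor; it is not part of Apple's or AusCERT's bulletin and does not invoke sysadminctl. A throwaway `sh -c 'sleep 2; :'` stands in for the tool, the secret value is constructed for the demo, and the script checks whether that value is visible in the child's argument list. It then shows the pattern the fix adopts, handing the secret over standard input (a prompt behaves the same way) so that argv carries only the command.

```sh
#!/bin/sh
# Added example (editor's, not Apple's): is a secret handed to a child
# process visible to other local users through the process table?
# The child is a throwaway `sh -c 'sleep 2; :'` standing in for a tool
# such as sysadminctl; the secret value is constructed for the demo.

# Print the argument list of process $1 (Linux /proc, else ps).
argv_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -p "$1" -o args=
    fi
}

# Give the child a moment to start, grep its argv for the secret, then
# tidy up. Exit status 0 = secret readable from argv (leak), 1 = not.
_check_and_reap() {
    _pid=$1; _secret=$2
    sleep 1
    if argv_of "$_pid" | grep -qF -- "$_secret"; then _seen=0; else _seen=1; fi
    kill "$_pid" >/dev/null 2>&1 || true
    wait "$_pid" >/dev/null 2>&1 || true
    return $_seen
}

# Pre-fix pattern: the secret travels in argv (what sysadminctl required).
# 'sleep 2; :' is two commands so the shell does not exec sleep in place
# and drop its own argv before we look at it.
secret_in_argv() {
    sh -c 'sleep 2; :' demo "$1" >/dev/null 2>&1 &
    _check_and_reap $! "$1"
}

# Post-fix pattern: the secret arrives on stdin via a here-document;
# argv holds only the command, so the process table shows nothing.
secret_via_stdin() {
    sh -c 'IFS= read -r s; sleep 2; :' demo >/dev/null 2>&1 <<EOF &
$1
EOF
    _check_and_reap $! "$1"
}

# Stand-alone run on a constructed secret.
if secret_in_argv 'hunter2'; then
    echo "argv:  secret VISIBLE in the process table"
fi
if secret_via_stdin 'hunter2'; then
    echo "stdin: secret visible"
else
    echo "stdin: secret not in the process table"
fi
```

Run it as an unprivileged user while the tool you are auditing is executing, or adapt `secret_in_argv` to launch that tool; on macOS `argv_of` falls back to `ps`, on Linux it reads `/proc/<pid>/cmdline`. Either way, if the secret shows up, any local user could have read it with `ps`.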
Kernel
Available for: macOS High Sierra 10.13.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4150: an anonymous researcher

Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High
Sierra 10.13.3
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)

Kernel
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved memory
handling.
CVE-2018-4143: derrek (@derrekr6)

Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High
Sierra 10.13.3
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds read was addressed through improved bounds
checking.
CVE-2018-4136: Jonas Jensen of lgtm.com and Semmle

Kernel
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to execute arbitrary code with system
privileges
Description: An out-of-bounds read was addressed through improved bounds
checking.
CVE-2018-4160: Jonas Jensen of lgtm.com and Semmle

kext tools
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High
Sierra 10.13.3
Impact: An application may be able to execute arbitrary code with system
privileges
Description: A logic issue existed resulting in memory corruption. This
was addressed with improved state management.
CVE-2018-4139: Ian Beer of Google Project Zero

LaunchServices
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High
Sierra 10.13.3
Impact: A maliciously crafted application may be able to bypass code
signing enforcement
Description: A logic issue was addressed with improved validation.
CVE-2018-4175: Theodor Ragnar Gislason of Syndis

Mail
Available for: macOS High Sierra 10.13.3
Impact: An attacker in a privileged network position may be able to
exfiltrate the contents of S/MIME-encrypted e-mail
Description: An issue existed in the handling of S/MIME HTML e-mail. This
issue was addressed by not loading remote resources on S/MIME encrypted
messages by default if the message has an invalid or missing S/MIME
signature.
CVE-2018-4111: an anonymous researcher

Mail
Available for: macOS High Sierra 10.13.3
Impact: An attacker in a privileged network position may be able to
intercept the contents of S/MIME-encrypted e-mail
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4174: an anonymous researcher, an anonymous researcher

Notes
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4152: Samuel Groß (@5aelo)

NSURLSession
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4166: Samuel Groß (@5aelo)

NVIDIA Graphics Drivers
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4138: Axis and pjf of IceSword Lab of Qihoo 360

PDFKit
Available for: macOS High Sierra 10.13.3
Impact: Clicking a URL in a PDF may visit a malicious website
Description: An issue existed in the parsing of URLs in PDFs. This issue
was addressed through improved input validation.
CVE-2018-4107: an anonymous researcher

PluginKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High
Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4156: Samuel Groß (@5aelo)

Quick Look
Available for: macOS High Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4157: Samuel Groß (@5aelo)

Security
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High
Sierra 10.13.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)

Storage
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High
Sierra 10.13.3
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4154: Samuel Groß (@5aelo)

System Preferences
Available for: macOS High Sierra 10.13.3
Impact: A configuration profile may incorrectly remain in effect after
removal
Description: An issue existed in CFPreferences. This issue was addressed
through improved preferences cleanup.
CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of
Wandera

Terminal
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High
Sierra 10.13.3
Impact: Pasting malicious content may lead to arbitrary command execution
spoofing
Description: A command injection issue existed in the handling of
Bracketed Paste Mode. This issue was addressed through improved
validation of special characters.
CVE-2018-4106: Simon Hosie

WindowServer
Available for: macOS High Sierra 10.13.3
Impact: An unprivileged application may be able to log keystrokes entered
into other applications even when secure input mode is enabled
Description: By scanning key states, an unprivileged application could
log keystrokes entered into other applications even when secure input
mode was enabled. This issue was addressed by improved state management.
CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH

Installation note:

macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security
Update 2018-002 El Capitan may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9Gl4pHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbLsBAA
ulM5yGdq+lKTJ1XYrVVdH9k5QStzg551Ss0sHS84bC6p5AzSh+mFHITJDKyF3H+M
To0SoSwzdHrEmXNZ2LPAz9C0h9FSFh4AAhz3Fng4Qbd4L+Q+MypPnrpVZIMO9Iy8
srwJzbpa3LQ9Nq6NGmTD68wTyN2hjdcIc/ifsBev71HGx695Axr9tEV4PBzXyhZE
aZpUBc1e7PvDzLh4VjVRRfk591zRjzEGWuZH/1kbwmFuIBqb3BCaL6MQ4sFZUPw9
L26Q/RrFDA9KMb2P0K1EA2kTEoqAu51d31SgSGe8AskUdPaVE33juxXGde3LT+5F
OdfZ4iDc7MB808CU7aauzsed0DgYUPnenphj/+iIsZm//8fUt2YKCHT48uS8mjBp
W2rClecQ3J+nz3hmvoR5/tvJ2QsiZtir2CsGbZ7nLhxaNu098yJ22fQPpJeHy0pr
CIgp5qsNs0Qej7VOkjFWWPBvKwDYhnTInR8tHSHtxyUiG+voLGnMXKv94kPqMhUZ
Byhosi55N9wGEmAhHmjFr71E8H4gU1ZbKQo0UYulnXd22vzBWrPX5BQW9F0xLSMT
6mbkCh3gSWyVvhcCbQ/v3ajWoaC4ZyyUllLgpSZgr5bFt9YJGAVLngRX47oI27uS
8tPmXxjKq86HBH8Otmicu/yb9qf5d3lb/TwMawbH/iU=
=Xshl
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your
organisation's registration with AusCERT. The mailing list you are
subscribed to is maintained within your organisation, so if you do not wish
to continue receiving these bulletins you should contact your local IT
manager. If you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the appropriate
person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting on
information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWsMQy4x+lLeg9Ub1AQgCkw//Tws/ilBCzoUXgs59zRyj3G1Sh8iBiTQ6
9GZHS0V93WXeGl1o/jcNUTR2R3r1/9gI6TYotQ+BRgIveQU/j1zl8IJ5gF8eOwAF
NvhjBpZDEy+kXqNGA/L/Kw0TIeATfO11tNjYMAplYFewySuepr8lfBCM78HQdT+V
fhEEev1WTWrtTdnCX84VPLz4LUry8XIR9KT+sUVER4duPHse+SexJYx6cWYDZ0SN
ilemuRzXp9VLtCHuaV7iXx9HPHX8aRSGh7+FB52Cm2XtwdNdX3ib0AuwlDTnaaNF
4v4TrmVqPyRhIRL02kU4+Ps6XjeFBIZFRZPZngKmWP3p2YBQgezQ7G3JL0WDZbvs
elFjVDFWi/YKkvL1idkp4PHDqyM07mGeouDr8GmP9wEj/DhW58C6rkpvsRogjyal
a3tukUFwyykXsixzG5h5D4tehX6lTTXpgQ5OwJmCsOo19xaAm8Pz1q8T+o1r3oXb
MPhGfN+EaIQpOVAgfB3Pp+uSAhV0hLH+R3DfS/ieueg+FakfFVli2JeJNlnslnyA
GrhG+qYK9WS/ENOGFVIRfOj4RIwm0eyg2McQ094Z4iFG7neGYR/iuo1AN5Y7u2Qb
JGmWHw6GFyO1LIThUb7fBDgME/k9YdHOkrjvlphn4nBuEODvx87Yp6DqoebbzLox
LJVOf3I2QBk=
=0vAl
-----END PGP SIGNATURE-----
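The Terminal entry above (CVE-2018-4106) says only that Bracketed Paste Mode mishandled special characters; it does not describe the trigger. The general mechanism is documented terminal behaviour (xterm's DECSET 2004): a terminal in this mode wraps a paste in ESC[200~ ... ESC[201~ so the receiving program can treat the bytes as literal input rather than keystrokes. If the pasted bytes themselves contain the ESC[201~ terminator and the terminal does not validate them, the paste closes early and whatever follows is delivered as if the user had typed it. The POSIX shell script below is an added example written by the editor, not code from Apple or from the bulletin, and the sample paste in it is constructed for the demo rather than taken from any report. It shows the validation step a terminal (or any program that wraps untrusted text in control sequences) needs: strip control bytes from the paste before wrapping it, and confirm the wrapped result contains exactly one terminator.

```sh
#!/bin/sh
# Added example (editor's, not Apple's): validating pasted text before it is
# wrapped in bracketed-paste markers. The sample paste is constructed for the
# demo and is not the trigger for CVE-2018-4106, which the bulletin does not
# describe.

PASTE_START=$(printf '\033[200~')
PASTE_END=$(printf '\033[201~')

# Exit 0 if stdin contains the end-of-paste sequence, 1 otherwise.
has_paste_terminator() {
    grep -qF -- "$PASTE_END"
}

# Strip every C0 control byte except tab (011) and newline (012), plus DEL,
# from stdin. Removing ESC is what makes an embedded ESC[201~ harmless: the
# remaining "[201~" is ordinary text to the application.
sanitize_paste() {
    tr -d '\001-\010\013-\037\177'
}

# Wrap validated stdin as the terminal would deliver it to the application.
bracketed_paste() {
    printf '%s' "$PASTE_START"
    sanitize_paste
    printf '%s' "$PASTE_END"
}

# Count end-of-paste markers in stdin: a correctly built paste has exactly one.
count_paste_ends() {
    grep -oF -- "$PASTE_END" | wc -l | tr -d ' '
}

# Stand-alone run on a constructed paste: the raw bytes carry a terminator
# followed by a second line that would be treated as typed input; the
# sanitized bytes do not.
SAMPLE=$(printf 'ls\033[201~\nrm -rf /tmp/x\n')
if printf '%s\n' "$SAMPLE" | has_paste_terminator; then
    echo "raw paste:       terminator present, paste would end early"
fi
if printf '%s\n' "$SAMPLE" | sanitize_paste | has_paste_terminator; then
    echo "sanitized paste: terminator still present"
else
    echo "sanitized paste: terminator removed"
fi
echo "terminators in wrapped output: $(printf '%s\n' "$SAMPLE" | bracketed_paste | count_paste_ends)"
```

The filter is deliberately blunt: a paste has no legitimate need for ESC or other C0 bytes beyond tab and newline, so dropping them all is simpler and safer than trying to recognise only the ESC[201~ sequence (which can also be split across writes or padded with other escapes). Programs that consume bracketed paste should in turn refuse to act on a paste that arrives without its terminator.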
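The installation note says where to obtain the update but not how to confirm a fleet actually has it. High Sierra is straightforward, the product version moves to 10.13.4; the Security Updates for Sierra and El Capitan do not change the product version, so a version check alone cannot tell a patched 10.12.6 from an unpatched one. The POSIX shell script below is an added example written by the editor, not part of Apple's or AusCERT's bulletin. It assumes that `sw_vers -productVersion` prints a dotted version string and that `/Library/Receipts/InstallHistory.plist` records installed updates under their display name ("Security Update 2018-002"); both are assumptions of the example, not statements from the bulletin. The version comparison is general and works for any dotted versions, not only the ones listed here.

```sh
#!/bin/sh
# Added example (editor's, not Apple's): has this Mac received the fix
# described in ESB-2018.0967? Assumptions: `sw_vers -productVersion` prints
# a dotted version, and /Library/Receipts/InstallHistory.plist lists the
# Security Update by its display name.

# Exit 0 if dotted version $1 is greater than or equal to $2. Missing
# trailing components count as 0, so 10.13 is below 10.13.4.
version_ge() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        if [ "$_a" = "$_x" ]; then _a=; else _a=${_a#*.}; fi
        if [ "$_b" = "$_y" ]; then _b=; else _b=${_b#*.}; fi
        _x=${_x:-0}; _y=${_y:-0}
        if [ "$_x" -gt "$_y" ]; then return 0; fi
        if [ "$_x" -lt "$_y" ]; then return 1; fi
    done
    return 0
}

# Map a product version to what this bulletin expects of it. Prints one of:
#   high-sierra-fixed  high-sierra-vulnerable  sierra-needs-su
#   el-capitan-needs-su  later  other
classify_version() {
    if version_ge "$1" 10.14; then echo later
    elif version_ge "$1" 10.13.4; then echo high-sierra-fixed
    elif version_ge "$1" 10.13; then echo high-sierra-vulnerable
    elif version_ge "$1" 10.12; then echo sierra-needs-su
    elif version_ge "$1" 10.11; then echo el-capitan-needs-su
    else echo other
    fi
}

# Exit 0 if the install history records update $1 (assumed display name).
security_update_installed() {
    grep -qF -- "$1" /Library/Receipts/InstallHistory.plist 2>/dev/null
}

# Stand-alone run on a Mac; elsewhere sw_vers is absent and nothing prints.
if v=$(sw_vers -productVersion 2>/dev/null); then
    case $(classify_version "$v") in
        high-sierra-fixed)      echo "$v: 10.13.4 present" ;;
        high-sierra-vulnerable) echo "$v: update to 10.13.4" ;;
        sierra-needs-su|el-capitan-needs-su)
            if security_update_installed "Security Update 2018-002"; then
                echo "$v: Security Update 2018-002 recorded in install history"
            else
                echo "$v: Security Update 2018-002 not found in install history"
            fi ;;
        later) echo "$v: newer than the releases this bulletin covers" ;;
        *)     echo "$v: not a release this bulletin covers" ;;
    esac
fi
```

For fleet use, run the script through your management agent and collect the single output line per host; the receipt check is the part worth auditing manually on a known-patched Sierra or El Capitan machine first, since it depends on the display name Apple wrote into the receipt.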