Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.1286 Security Update 2018-001 26 April 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: macOS High Sierra 10.13.4 Publisher: Apple Operating System: Mac OS Impact/Access: Increased Privileges -- Existing Account Provide Misleading Information -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-4206 CVE-2018-4187 Reference: ESB-2018.1285 Original Bulletin: https://support.apple.com/en-au/HT208742 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-04-24-2 Security Update 2018-001 Security Update 2018-001 is now available and addresses the following: Crash Reporter Available for: macOS High Sierra 10.13.4 Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved error handling. CVE-2018-4206: Ian Beer of Google Project Zero LinkPresentation Available for: macOS High Sierra 10.13.4 Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2018-4187: Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_) Installation note: Security Update 2018-001 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlrezFopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZ+Yg// dMgwOpNNc7/jIt85juE14c+Nu+Tqu9TUsixT35ILk1xjF6QO7wSHAWcxeYlxLH7T IBvOj56ozmcka/Qx+7d0DvNcgbrJPwFzk/DlyJHGyItUZsIpFf2Zyoo5PZ+qg8II JUfVrey1hMvqih5ElI68rnf+r8DlUfic64Xucxg9Afd5LFdtDQQOGnnw/s2emnyp Gy34d2lYCtPwDFEGkFiDyHNWZYtZBxSuLLWqCmE5RZr5JgRb1z76GLna07vkW77t 3lkSTmE8+DnSzoPWQnyWN74tbrGEGb9bRQQTc2RYaIxWHWrufzyGPyLKXev4fx/S oVGzWwc+H77NKLYDEMCxjipw6FSTnUK1g65phs8NqcWzsRuG0kLy0+L55xlvHkw8 CCunpcMxvr9oaBMkaSfl+YnhkaB1/YCPYm9+LOtWGqcsKB1shi7Ld2Jm+5LBKL50 Vttqrwg1wqgdxExmJu5cX+4hVfAH+ee0ZWt7zwcUAoDetMOXAYzn8F8YMpnA1Ms3 umlrFv3QiynT609HfBGy3A3OoftL0VQJGms0FMUlkmu14F8UX9iww+KQpZxqZZOZ O7wFdarx5gfbmgJSquB1mx8XFYggAXFN/0/ZEYnBZ4KmUJRVnldMFp3YFXbm6zqI ds946HzuvheS9sCe7k2DcllqHVFbVsf7rblEKBof89Q= =715E - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWuFgiox+lLeg9Ub1AQj06RAAoYeAgrNAx6WM9l7sXUWvQHfWJdU/dTco GuhdrR7gyryS81WEo5JUK3DZzEqrqNdGpAeMHe40p5PwP/3EDx/SdXoOaPlZ50MH QxI7u5gdogQFT058cUu85a3POkPdrlGMoUVyfA3z+ZCmaLUXEAR/KzTt3DMaoI2D 2jts354S5q7e8+JIHxPPXk2psau/1NR2fKPjxBq1qJWvrDRg3ZEDYYKaLAlR78ue c9IOXHqcPereE7YEGMXfhqj0Je01vgpniegOi8kBtt7d7EP6Wibmpxzag/dy8KSQ 6dCkALvpKzipVy1DM0OCXucWwnaSLORnRLCVZ9sZOpXvlLJPLweZvAY9uCShdUvY 9LUN85bRe51TB8i0ge4a0pcDd7rGBsc+HSvjOaXxaNxV4KfCQP9vU6q3j7xJOHXZ 5oEnLkzSQDIH552IyXFI52thknJKYqrLWSX38py71YyPopmGkBFB+lJM892wlEet p0BHH4TAh5D5sfbtRNQhMUY3vr8eILXj8ZZlOVSm615kDO7g+VHD7xTFR8To7H/m SbPyXJxB5jg+jPkD+dh/5orYX+MAnhWMs3qqJSBTpulf10faEmjlffJZhIhE6VR9 pldT6UiQqn/9Not0kja6fsNzl/xJf6xYMCneKO7OTrgfIMklG9bQPIPH2d9WnGrJ 8ms2myjaQaQ= =3G8N -----END PGP SIGNATURE-----