CERT-In Advisory
CIAD-2018-0031
Multiple Vulnerabilities in Apple macOS/OS X
Original Issue Date: November 15, 2018
Severity Rating: High
Software Affected
- Apple macOS Sierra 10.12.6
- Apple macOS High Sierra 10.13.6
- Apple macOS Mojave 10.14
Overview
Multiple vulnerabilities have been reported in Apple macOS which could be exploited by an attacker to execute arbitrary code, cause a denial of service (DoS) condition, gain elevated privileges or conduct side-channel attacks to read privileged memory and obtain potentially sensitive information on the targeted system.
Description
The vulnerabilities are due to memory corruption issues, improper input validation, an out-of-bounds read flaw, exploitation of a weakness in the Miller-Rabin primality test, access to restricted files, privilege escalation flaws, race conditions in CPU data cache processing, a configuration error in the EFI component, buffer overflow issues, security restrictions bypass and an information disclosure flaw.
Successful exploitation of these vulnerabilities could also allow the attacker to spoof the user interface when a maliciously crafted mail message is processed.
Solution
Apply appropriate software updates as mentioned in the Apple Security updates:
https://support.apple.com/en-us/HT209193
Vendor Information
Apple
https://support.apple.com/en-us/HT209193
References
Apple
https://support.apple.com/en-us/HT209193
Security Tracker
https://securitytracker.com/id/1042004
CVE Name
CVE-2018-4415
CVE-2018-4417
CVE-2018-4418
CVE-2018-4419
CVE-2018-4420
CVE-2018-4422
CVE-2018-4423
CVE-2018-4424
CVE-2018-4425
CVE-2018-4426
CVE-2018-6797
CVE-2018-6914
CVE-2018-8777
CVE-2018-8778
CVE-2018-8779
CVE-2018-8780
CVE-2017-10784
CVE-2017-12613
CVE-2017-12618
CVE-2017-14033
CVE-2017-14064
CVE-2017-17405
CVE-2017-17742
CVE-2018-3639
CVE-2018-3640
CVE-2018-3646
CVE-2018-4126
CVE-2018-4153
CVE-2018-4203
CVE-2018-4242
CVE-2018-4259
CVE-2018-4286
CVE-2018-4287
CVE-2018-4288
CVE-2018-4291
CVE-2018-4295
CVE-2018-4304
CVE-2018-4308
CVE-2018-4310
CVE-2018-4326
CVE-2018-4331
CVE-2018-4334
CVE-2018-4340
CVE-2018-4341
CVE-2018-4342
CVE-2018-4346
CVE-2018-4348
CVE-2018-4350
CVE-2018-4354
CVE-2018-4368
CVE-2018-4369
CVE-2018-4371
CVE-2018-4389
CVE-2018-4393
CVE-2018-4394
CVE-2018-4395
CVE-2018-4396
CVE-2018-4398
CVE-2018-4399
CVE-2018-4400
CVE-2018-4401
CVE-2018-4402
CVE-2018-4403
CVE-2018-4406
CVE-2018-4407
CVE-2018-4408
CVE-2018-4410
CVE-2018-4411
CVE-2018-4412
CVE-2018-4413
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India