
Multiple flaws were identified in Apple’s new macOS High Sierra 10.13.5. These flaws affect components like Accessibility Framework, AMD, apache_mod_php, ATS, Bluetooth, FontParser, Graphics Drivers, Hypervisor, iBooks, Kernel, libxpc, Mail, Messages, Security, UIKit, and Windows Server. The flaws in the above components could lead to arbitrary code execution, kernel memory disclosure, privilege escalation, information disclosure, tampering with the EFI flash memory region, disclosure of restricted memory, spoofing of password prompts, denial of service, user tracking, modification of the state of the Keychain, leaking of account identifiers, and leaking of device identifiers.

Multiple bugs were also addressed with the release of iOS 11.4, affecting Bluetooth, Contacts, FontParser, iBooks, Kernel, libxpc, Magnifier, Mail, Messages, Safari, Security, Siri Contacts, UIKit, and WebKit. These flaws could result in elevation of privilege, denial of service, arbitrary code execution, password prompt spoofing, information disclosure, leaking of identifiers, leaking of private contact information, address bar spoofing, overwritten cookies, and unexpected Safari crashes.

 

Affected Components 

macOS High Sierra 10.13.5 and iOS 11.4

Accessibility Framework 

The Accessibility Framework is available for macOS High Sierra 10.13.4. An information disclosure bug exists in Accessibility Framework that allows an attacker to use a malicious application to execute arbitrary code with system privileges. This flaw was addressed with improved memory management and is identified as CVE-2018-4196.

AMD

AMD is available for macOS High Sierra 10.13.4. An out-of-bounds read bug exists in AMD that allows a local user to read and disclose kernel memory. This flaw can be addressed with improved input validation and is identified as CVE-2018-4253.

apache_mod_php

apache_mod_php is available for macOS High Sierra 10.13.4. Issues in PHP were addressed by updating to PHP version 7.1.16; this is identified as CVE-2018-7584.

ATS

ATS is available for macOS High Sierra 10.13.4. A type confusion bug existed that allows an attacker to use a malicious application to elevate privileges. This flaw can be addressed with improved memory handling and is identified as CVE-2018-4219.

Bluetooth

Bluetooth is available for OS X El Capitan 10.11.6, macOS High Sierra 10.12.6, iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. An information disclosure bug existed in device properties that allows an attacker to determine kernel memory layout. This flaw can be addressed with improved object management and is identified as CVE-2018-4171.

Firmware

Firmware is available for macOS High Sierra 10.13.4. A device configuration bug existed in Firmware that allows an attacker to use a malicious application with root privileges to modify the EFI flash memory region. This flaw can be addressed with an updated configuration and is identified as CVE-2018-4251.

FontParser

FontParser is available for macOS High Sierra 10.12.6, OS X El Capitan 10.11.6, macOS High Sierra 10.13.4, iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A memory corruption bug existed in FontParser that allows an attacker to execute malicious code when a maliciously crafted font file is processed. This flaw can be addressed with improved validation and is identified as CVE-2018-4211.

Grand Central Dispatch

Grand Central Dispatch is available for macOS High Sierra 10.13.4. A bug existed in parsing entitlement plists that allows an attacker to use a sandboxed process to overcome sandbox restrictions. This flaw can be addressed with improved input validation and is identified as CVE-2018-4229.

Graphics Drivers

Graphics Drivers are available for macOS High Sierra 10.13.4, OS X El Capitan 10.11.6, and macOS High Sierra 10.12.6. A validation bug existed in Graphics Drivers that allows an attacker to use an application to read restricted memory. This flaw can be addressed with improved input sanitization and is identified as CVE-2018-4159.

Hypervisor

Hypervisor is available for macOS High Sierra 10.13.4. A memory corruption bug existed in Hypervisor that allows an attacker to execute arbitrary code with kernel privileges. This flaw can be addressed with improved locking and is identified as CVE-2018-4242.

iBooks

iBooks is available for macOS High Sierra 10.13.4, iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. An input validation bug existed in iBooks that allows an attacker in a privileged network position to spoof password prompts. This flaw can be addressed with improved validation and is identified as CVE-2018-4202.

Intel Graphics Driver

Intel Graphics Driver is available for macOS High Sierra 10.13.4. A validation bug existed in Intel Graphics Driver that allows an attacker to use an application to read restricted memory. This flaw can be addressed with improved input sanitization and is identified as CVE-2018-4141.

IOFireWireAVC

IOFireWireAVC is available for macOS High Sierra 10.13.4. A race condition existed in IOFireWireAVC that allows an attacker to use an application to execute arbitrary code with kernel privileges. This flaw can be addressed with improved locking and is identified as CVE-2018-4228.

IOGraphics

IOGraphics is available for macOS High Sierra 10.13.4. A memory corruption bug existed in IOGraphics that allows an attacker to execute arbitrary code with kernel privileges. This flaw can be addressed with improved memory handling and is identified as CVE-2018-4236.

IOHIDFamily

IOHIDFamily is available for macOS High Sierra 10.13.4. A memory corruption bug existed in IOHIDFamily that allows an attacker to execute arbitrary code with kernel privileges. This flaw can be addressed with improved memory handling and is identified as CVE-2018-4234.

Kernel

Kernel is available for macOS High Sierra 10.12.6, OS X El Capitan 10.11.6, and macOS High Sierra 10.13.4. A denial of service bug existed in Kernel that allows an attacker in a privileged position to perform a denial of service attack. This flaw can be addressed with improved validation and is identified as CVE-2018-4249.

Kernel

Kernel is available for macOS High Sierra 10.12.6 and OS X El Capitan 10.11.6. A remote code execution bug existed in Kernel because some operating systems improperly handle an Intel architecture debug exception after execution of certain instructions. This flaw allows an attacker to use this exception handling to gain access to Ring0 and access sensitive memory or control operating system processes. This flaw is identified as CVE-2018-8897.

Kernel

Kernel is available for macOS High Sierra 10.13.4, iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A buffer overflow bug existed in Kernel that allows an attacker to use an application to execute arbitrary code with kernel privileges. This flaw can be addressed with improved bounds checking and is identified as CVE-2018-4241 and CVE-2018-4243.

libxpc

libxpc is available for macOS High Sierra 10.13.4, iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A logic bug existed in libxpc that allows an attacker to use an application to gain elevated privileges. This flaw can be addressed with improved validation and is identified as CVE-2018-4237.

Mail

Mail is available for iPhone 5s and later, iPad Air and later, iPod touch 6th generation, and macOS High Sierra 10.13.4. A bug existed in the handling of encrypted Mail that allows an attacker to exfiltrate the contents of S/MIME-encrypted email. This flaw can be addressed with improved isolation of MIME in Mail and is identified as CVE-2018-4227.

Messages

Messages is available for macOS High Sierra 10.13.4. An injection bug existed in Messages that allows a local user to conduct impersonation attacks. This flaw can be addressed with improved input validation and is identified as CVE-2018-4235.

Messages

Messages is available for macOS High Sierra 10.13.4, iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A denial of service bug existed in Messages that allows an attacker to cause a denial of service when a maliciously crafted message is processed. This flaw can be addressed with improved message validation and is identified as CVE-2018-4240 and CVE-2018-4250.

NVIDIA Graphics Driver

NVIDIA Graphics Driver is available for macOS High Sierra 10.13.4. A race condition bug existed in NVIDIA Graphics Driver that allows an attacker to use an application to execute arbitrary code with kernel privileges. This flaw can be addressed with improved locking and is identified as CVE-2018-4230.

Security

Security is available for macOS High Sierra 10.13.4, iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A bug existed in the handling of S/MIME certificates that allows an attacker to track users using client certificates. This flaw can be addressed with improved validation of S/MIME certificates and is identified as CVE-2018-4221.

Security

Security is available for macOS High Sierra 10.13.4, iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. An authorization bug existed that allows a local user to read a persistent account identifier. This flaw can be addressed with improved state management and is identified as CVE-2018-4223.

Security

Security is available for macOS High Sierra 10.13.4, iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. An authorization bug existed that allows a local user to read a persistent device identifier. This flaw can be addressed with improved state management and is identified as CVE-2018-4224.

Security

Security is available for macOS High Sierra 10.13.4, iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. An authorization bug existed that allows a local user to modify the state of the Keychain. This flaw can be addressed with improved state management and is identified as CVE-2018-4225.

Security

Security is available for macOS High Sierra 10.13.4, iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. An authorization bug existed that allows a local user to view sensitive user information. This flaw can be addressed with improved state management and is identified as CVE-2018-4226.

Speech

Speech is available for macOS High Sierra 10.13.4. A sandbox bug existed in the handling of microphone access that allows an attacker to use a sandboxed process to overcome sandbox restrictions. This flaw can be addressed with improved handling of microphone access and is identified as CVE-2018-4184.

UIKit

UIKit is available for macOS High Sierra 10.13.4, iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A validation bug existed in the handling of text that allows an attacker to craft a malicious text file that leads to denial of service. This flaw can be addressed with improved validation of text and is identified as CVE-2018-4198.

Windows Server

Windows Server is available for OS X El Capitan 10.11.6, macOS High Sierra 10.12.6 and macOS High Sierra 10.13.4. A memory corruption bug existed in Windows Server that allows an attacker to use an application to execute arbitrary code with system privileges. This flaw can be addressed with improved memory handling and is identified as CVE-2018-4193.

Contacts

Contacts is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A validation bug existed in the handling of phone numbers that allows an attacker to cause a denial of service when a maliciously crafted vcf file is processed. This flaw can be addressed with improved validation of phone numbers and is identified as CVE-2018-4100.

Magnifier

Magnifier is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A permission bug existed in Magnifier that allows a person with physical access to an iOS device to view the last image used in Magnifier from the lockscreen. This flaw can be addressed with additional permission checks and is identified as CVE-2018-4239.

Safari

Safari is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A denial of service bug existed in Safari that allows an attacker to use a malicious website to cause a denial of service. This flaw can be addressed with improved validation and is identified as CVE-2018-4247.

Siri

Siri is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A bug existed in Siri permissions that allows a person with physical access to an iOS device to enable Siri from the lockscreen. This flaw can be addressed with improved permission checking and is identified as CVE-2018-4238.

Siri

Siri is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A bug existed in Siri permissions that allows a person with physical access to an iOS device to read notifications of content that is set not to be displayed at the lockscreen. This flaw can be addressed with improved permission checking and is identified as CVE-2018-4252.

Siri Contacts

Siri Contacts is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A bug existed in Siri permissions that allows a person with physical access to an iOS device to see private contact information. This flaw can be addressed with improved permission checking and is identified as CVE-2018-4244.

WebKit

WebKit is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. Multiple memory corruption bugs existed that allow an attacker to execute arbitrary code when maliciously crafted web content is processed. These flaws can be addressed with improved memory handling and are identified as CVE-2018-4201, CVE-2018-4218, and CVE-2018-4233.

WebKit

WebKit is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A buffer overflow bug existed that allows an attacker to process maliciously crafted web content and execute arbitrary code. This flaw can be addressed with improved memory handling and is identified as CVE-2018-4199.

WebKit

WebKit is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A permissions bug existed in the handling of web browser cookies that allows an attacker to craft a malicious website that overwrites cookies when the site is visited. This flaw can be addressed with improved restrictions and is identified as CVE-2018-4232.

WebKit

WebKit is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A race condition bug existed that allows an attacker to process maliciously crafted web content and execute arbitrary code. This flaw can be addressed with improved locking and is identified as CVE-2018-4192.

WebKit

WebKit is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A memory corruption bug existed that allows an attacker to process maliciously crafted web content and lead to an unexpected Safari crash. This flaw can be addressed with improved locking and is identified as CVE-2018-4214.

WebKit

WebKit is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A memory corruption bug existed that allows an attacker to process maliciously crafted web content and execute arbitrary code. This flaw can be addressed with improved memory handling and is identified as CVE-2018-4204.

WebKit

WebKit is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A type confusion bug existed that allows an attacker to process maliciously crafted web content and execute arbitrary code. This flaw can be addressed with improved memory handling and is identified as CVE-2018-4246.

WebKit

WebKit is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A bug existed that allows sensitive data to leak when a maliciously crafted website is visited. This flaw can be addressed with a CORS-enabled fetch method and is identified as CVE-2018-4190.

WebKit

WebKit is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. An out-of-bounds read bug existed that allows an attacker to process maliciously crafted web content and execute arbitrary code. This flaw can be addressed with improved input validation and is identified as CVE-2018-4222.

 

 
