—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4
macOS High Sierra 10.13.6, Security Update 2018-004 Sierra,
Security Update 2018-004 El Capitan

macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and
Security Update 2018-004 El Capitan address the following:

AMD
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2018-4289: shrek_wzw of Qihoo 360 Nirvan Team

APFS
Available for: macOS High Sierra 10.13.5
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4268: Mac working with Trend Micro’s Zero Day Initiative

ATS
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to gain root privileges
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2018-4285: Mohamed Ghannam (@_simo36)

Bluetooth
Available for: MacBook Pro (15-inch, 2018), and MacBook Pro
(13-inch, 2018, Four Thunderbolt 3 Ports)
Other Mac models were addressed with macOS High Sierra 10.13.5.
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2018-5383: Lior Neumann and Eli Biham

CFNetwork
Available for: macOS High Sierra 10.13.5
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue was addressed with improved
checks.
CVE-2018-4293: an anonymous researcher

CoreCrypto
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.5
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4269: Abraham Masri (@cheesecakeufo)

CUPS
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.5
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A null pointer dereference was addressed with improved
validation.
CVE-2018-4276: Jakub Jirasek of Secunia Research at Flexera
Entry added October 30, 2018

DesktopServices
Available for: macOS Sierra 10.12.6
Impact: A local user may be able to view sensitive user information
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed with improved
permission validation.
CVE-2018-4178: Arjen Hendrikse

IOGraphics
Available for: macOS High Sierra 10.13.5
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed with improved input
validation.
CVE-2018-4283: @panicaII working with Trend Micro’s Zero Day
Initiative

Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.5
Impact: Systems using Intel® Core-based microprocessors may
potentially allow a local process to infer data utilizing Lazy FP
state restore from another process through a speculative execution
side channel
Description: Lazy FP state restore instead of eager save and restore
of the state upon a context switch. Lazy restored states are
potentially vulnerable to exploits where one process may infer
register values of other processes through a speculative execution
side channel that infers their value.

An information disclosure issue was addressed with FP/SIMD register
state sanitization.
CVE-2018-3665: Julian Stecklina of Amazon Germany, Thomas Prescher of
Cyberus Technology GmbH (cyberus-technology.de), Zdenek Sojka of
SYSGO AG (sysgo.com), and Colin Percival

Kernel
Available for: macOS High Sierra 10.13.5
Impact: Mounting a maliciously crafted NFS network share may lead to
arbitrary code execution with system privileges
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com
Entry added October 30, 2018

libxpc
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.5
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4280: Brandon Azad

libxpc
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4248: Brandon Azad

LinkPresentation
Available for: macOS High Sierra 10.13.5
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed with improved input validation.
CVE-2018-4277: xisigr of Tencent’s Xuanwu Lab (tencent.com)

Perl
Available for: macOS High Sierra 10.13.5
Impact: Multiple buffer overflow issues existed in Perl
Description: Multiple issues in Perl were addressed with improved
memory handling.
CVE-2018-6797: Brian Carpenter
CVE-2018-6913: GwanYeong Kim
Entry added October 30, 2018

Ruby
Available for: macOS High Sierra 10.13.5
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple issues in Ruby were addressed in this update.
CVE-2017-898
CVE-2017-10784
CVE-2017-14033
CVE-2017-14064
CVE-2017-17405
CVE-2017-17742
CVE-2018-6914
CVE-2018-8777
CVE-2018-8778
CVE-2018-8779
CVE-2018-8780
Entry added October 30, 2018

Additional recognition

App Store
We would like to acknowledge Jesse Endahl & Stevie Hryciw of
Fleetsmith and and Max Bélanger of Dropbox for their assistance.

Help Viewer
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.

Kernel
We would like to acknowledge juwei lin (@panicaII) of Trend Micro
working with Trend Micro’s Zero Day Initiative for their assistance.

Security
We would like to acknowledge Brad Dahlsten of Iowa State University
for their assistance.

Installation note:

macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and
Security Update 2018-004 El Capitan may be obtained from the Mac App
Store or Apple’s Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
—–BEGIN PGP SIGNATURE—–

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EgwhAA
rut4Qepkh88tcd23FV/Fz6uEdqa2MDPRPhVs6rM5iM7912vhtVZHz1sDUpSwNFe+
Hfdx0qsZaxY1sKjqMejq5mpanjFWhCCWb7MxifGm1HTJRMibuTAW7zVwD51jsG7z
GpQtZ8ASaW9NErn+3IPB0O//CCvAKR/qyqn+KyEhYw+xtz2j+dzneB6lpwFkiqG2
0Iz5DQ2Hwms/88byzoXLWljAApvgSeant1YAiShq9bvQ3iWSkLSoo1dEa9jhhGJV
jKyc+XloM7AfAHl6sjR6t3Cgdmfpy7s4osx17tqa4B5CYUloBGcZ0SZrL6iJDDvV
5OTsXHCQ9NLwZrdAwIgfcVcs01Y8hVkpjhCmm2InGwREJUtpYefCQ/kIlDa1YOym
3ua/SEO5+UYSVspG45vTdRB6SNSzeWzcQvJohrXavSllttcGyNx9RxMSr9CGxNSE
Vjmo30J8D2Oow2hMtK1PWXxI+t4UadO33rL1H2u8ivl9J1BI9sEL0linFTUpEnIS
iIRYUdrr+ZduSsC21NBLhMOak61GWYQRSN+p3nbL7fDqZCFdBSwvye4q2MmZG1Op
aDePXQWSPgzlXzfi2C6KiR+lSyZlgCwtwhPGlzDFH5MGxr5Tleov98GB4uml91lj
PVSMCsvYvRarIh6enmy+SR/6X7gVgrpx4m/fdraBwTw=
=e0YF
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)