BugTraq
APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001 May 08 2018 05:05PM
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-05-08-1 Additional information for
APPLE-SA-2018-04-24-2 Security Update 2018-001

Security Update 2018-001 addresses the following:

Crash Reporter
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
error handling.
CVE-2018-4206: Ian Beer of Google Project Zero

Kernel
Available for: macOS High Sierra 10.13.4
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: In some circumstances, some operating systems may not
expect or properly handle an Intel architecture debug exception
after certain instructions. The issue appears to be from an
undocumented side effect of the instructions. An attacker might
utilize this exception handling to gain access to Ring 0 and access
sensitive memory or control operating system processes.
CVE-2018-8897: Andy Lutomirski, Nick Peterson
(linkedin.com/in/everdox) of Everdox Tech LLC
Entry added May 8, 2018

LinkPresentation
Available for: macOS High Sierra 10.13.4
Impact: Processing a maliciously crafted text message may lead to UI
spoofing
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed with improved input validation.
CVE-2018-4187: Zhiyang Zeng (@Wester) of Tencent Security
Platform Department, Roman Mueller (@faker_)

Installation note:

Security Update 2018-001 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlrxvQQpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEY/HxAA
tRDFZcMPnxucIk9vENarx+oXzhMPGDJri16zOS9m7gv019GP10OJ2aDyr6GQpaK1
s0eCGXMqXuZ3mr7ZDikleB0xddPi+9mEjqSkfgxeP7WKFXSjAFCjc6sbv1SSq8IH
km4yqtbQLFiVmL4BYnVW0GhYwWAgFn3QAKKZjD6TZYTrtOnxuQKkPqhZgD3xLG8y
aYd0FgRX2AN23c157Gvn/nN3gYAtLxhlCwv5DcMuDH9BNPB6RR+qNPWaz6nxOukm
aOeigkHhYwvVK4AlITE06R4UBJRq8LBxC2xLzEbr4jQZnRq1uT94w4SqCLhJUQ1z
e7k5Aj9tp1HnS5ZSX6+lOohMDI3iQ8h3XS4NGj4I962QIlovuCmAgkqzN/OeH4LV
sxmqUEF/SeriryotcN/NCRjQSbmjwleVkmJ6pcEUTT3X+/EuFgOajj1/jm9ntrDv
4rsB/6CxZSC5+dW51L337GsjxPMiNBHhALXYuen/Xd35kU7YOLosFeFlednmBgYY
otXb832XGmW2C65uM/+zWJHJ/DW0NXF2GZkvD15rd7SUdKQjyO9003TJFudx3w4W
9y9LXSIF7b7KW1SaAgHr3ayWaXsioaSOeBrlURG6o/eLfRfrrBiwAMNqn/TPwsP1
/S1rasMuleP9L8h3kSm0Z1+j7iZIDaCuIZ2fgP6G/UE=
=fLK2
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus