Apple releases Security Update 2018-04 for El Capitan, Sierra operating systems

It’s a fairly large update, but it helps.

On Thursday, Apple released Security Update 2018-04 for its El Capitan and Sierra operating systems. The update, a 786-megabyte download available via the App Store’s “Update” tab, addresses the following issues:

AMD
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to determine kernel memory layout
Description: An information disclosure issue was addressed by removing the vulnerable code.
CVE-2018-4289: shrek_wzw of Qihoo 360 Nirvan Team

APFS
Available for: macOS High Sierra 10.13.5
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4268: Mac working with Trend Micro’s Zero Day Initiative


ATS
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to gain root privileges
Description: A type confusion issue was addressed with improved memory handling.
CVE-2018-4285: Mohamed Ghannam (@_simo36)

Bluetooth
Available for: MacBook Pro (15-inch, 2018) and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports)
Other Mac models were addressed with macOS High Sierra 10.13.5.
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.
CVE-2018-5383: Lior Neumann and Eli Biham
Entry added July 23, 2018

CFNetwork
Available for: macOS High Sierra 10.13.5
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue was addressed with improved checks.
CVE-2018-4293: an anonymous researcher

CoreCrypto
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: A malicious application may be able to break out of its sandbox
Description: A memory corruption issue was addressed with improved input validation.
CVE-2018-4269: Abraham Masri (@cheesecakeufo)

DesktopServices
Available for: macOS Sierra 10.12.6
Impact: A local user may be able to view sensitive user information
Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation.
CVE-2018-4178: Arjen Hendrikse

IOGraphics
Available for: macOS High Sierra 10.13.5
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
CVE-2018-4283: @panicaII working with Trend Micro’s Zero Day Initiative

Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5
Impact: Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel
Description: Lazy FP state restore was used instead of eager save and restore of the state upon a context switch. Lazily restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel.
An information disclosure issue was addressed with FP/SIMD register state sanitization.
CVE-2018-3665: Julian Stecklina of Amazon Germany, Thomas Prescher of Cyberus Technology GmbH (cyberus-technology.de), Zdenek Sojka of SYSGO AG (sysgo.com), and Colin Percival

libxpc
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4280: Brandon Azad

libxpc
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2018-4248: Brandon Azad

LinkPresentation
Available for: macOS High Sierra 10.13.5
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
CVE-2018-4277: xisigr of Tencent’s Xuanwu Lab (tencent.com)

Additional recognition:
App Store
We would like to acknowledge Jesse Endahl & Stevie Hryciw of Fleetsmith, and Max Bélanger of Dropbox for their assistance.
Entry added August 8, 2018

Help Viewer
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance with four mitigations.

Kernel
We would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro’s Zero Day Initiative for their assistance.

Security
We would like to acknowledge Brad Dahlsten of Iowa State University for their assistance.