SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Multimedia)  >   Apple TV Vendors:   Apple
(Apple Issues Fix for Apple TV) Apple iOS Multiple Flaws Let Remote Users Deny Service, Execute Arbitrary Code, and Spoof URLs, Remote and Local Users Obtain Potentially Sensitive Information, and Let Applications Gain Elevated Privileges
SecurityTracker Alert ID:  1041239
SecurityTracker URL:  http://securitytracker.com/id/1041239
CVE Reference:   CVE-2018-4248, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4277, CVE-2018-4278, CVE-2018-4280, CVE-2018-4282, CVE-2018-4284, CVE-2018-4293   (Links to External Site)
Date:  Jul 10 2018
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions on the target system. A remote user can cause cookies to persist. A remote user can spoof URLs. A remote or local user can obtain potentially sensitive information from system memory. A local user can obtain elevated privileges on the target system. Apple TV is affected.

A remote user can trigger a cookie management flaw in the CFNetwork component to cause cookies to persist [CVE-2018-4293].

A remote user can supply a specially crafted Emoji to trigger a memory handling error in the Emoji component and cause denial of service conditions [CVE-2018-4290].

A local user can trigger an out-of-bounds memory read error in the kernel to read kernel memory [CVE-2018-4282].

An application can trigger a memory corruption error in the libxpc component to gain elevated privileges [CVE-2018-4280].

An application can trigger an out-of-bounds memory read error in the libxpc component to read restricted memory [CVE-2018-4248].

A remote user can create specially crafted web content that, when loaded by the target user, will trigger an error in the LinkPresentation component and spoof the address [CVE-2018-4277].

A remote user can create specially crafted web content that, when loaded by the target user, will trigger a cross-origin access error in the WebKit component to exfiltrate audio data [CVE-2018-4278].

A remote user can create specially crafted web content that, when loaded by the target user, will trigger a race condition in the WebKit component to cause denial of service conditions [CVE-2018-4266].

A remote user can create specially crafted web content that, when loaded by the target user, will can trigger a URL processing flaw in the WebKit component and spoof the address [CVE-2018-4274].

A remote user can trigger a memory corruption error in the WebKit component to cause Safari to crash [CVE-2018-4270].

A remote user can trigger a memory handling error in the WebKit component to execute arbitrary code [CVE-2018-4284].

A remote user can trigger a memory corruption error in the WebKit component to execute arbitrary code [CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272].

A remote user can trigger a memory corruption error in the WebKit component to cause Safari to crash [CVE-2018-4271, CVE-2018-4273].

A remote user can create specially crafted web content that, when loaded by the target user, will can trigger a user interface flaw in the WebKit Page Loading component to spoof the address [CVE-2018-4260].

An application can trigger a memory corruption error in the Wi-Fi component to break out of its sandbox [CVE-2018-4275].

Arayz of Pangu team (via Trend Micro's Zero Day Initiative), Brandon Azad, Jun Kokatsu (@shhnjk), Mateusz Krzywicki (via Trend Micro's Zero Day Initiative), Omair (via Trend Micro's Zero Day Initiative), Patrick Wardle of Digita Security, Proteas of Qihoo 360 Nirvan Team, an anonymous researcher, cc (via Trend Micro's Zero Day Initiative), Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab, and xisigr of Tencent's Xuanwu Lab (tencent.com) reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can cause denial of service conditions.

A local user can obtain potentially sensitive information from system memory on the target system.

A local user can obtain elevated privileges on the target system.

A remote user can bypass security controls on the target system.

A remote user can obtain potentially sensitive information on the target system.

A remote user can spoof a URL.

Solution:   The Apple has issued a fix for CVE-2018-4248, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4277, CVE-2018-4278, CVE-2018-4280, CVE-2018-4282, CVE-2018-4284, and CVE-2018-4293 for Apple TV (11.4.1).

The Apple advisory is available at:

https://support.apple.com/en-us/HT208936

Vendor URL:  support.apple.com/en-us/HT208936 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error, State error

Message History:   This archive entry is a follow-up to the message listed below.
Jul 10 2018 Apple iOS Multiple Flaws Let Remote Users Deny Service, Execute Arbitrary Code, and Spoof URLs, Remote and Local Users Obtain Potentially Sensitive Information, and Let Applications Gain Elevated Privileges



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC