SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Multimedia)  >   Apple Watch Vendors:   Apple
(Apple Issues Fix for Apple Watch) Apple iOS Multiple Remote Code Execution, Denial of Service, and Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1042006
SecurityTracker URL:  http://securitytracker.com/id/1042006
CVE Reference:   CVE-2018-4368, CVE-2018-4369, CVE-2018-4371, CVE-2018-4372, CVE-2018-4373, CVE-2018-4374, CVE-2018-4375, CVE-2018-4376, CVE-2018-4377, CVE-2018-4378, CVE-2018-4382, CVE-2018-4384, CVE-2018-4386, CVE-2018-4392, CVE-2018-4394, CVE-2018-4398, CVE-2018-4400, CVE-2018-4413, CVE-2018-4416, CVE-2018-4419, CVE-2018-4420   (Links to External Site)
Date:  Oct 30 2018
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. A remote user can conduct denial of service attacks. Apple Watch is affected.

A remote user can trigger a memory corruption error in the AppleAVD component to execute arbitrary code [CVE-2018-4384].

A remote user can trigger a VCF validation flaw in the Contacts component to cause denial of service conditions [CVE-2018-4365].

A remote user can trigger a Miller-Rabin primality flaw in the CoreCrypto component [CVE-2018-4398].

A remote attacker may be able to leak memory via FaceTime [CVE-2018-4366].

A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution [CVE-2018-4367].

A remote user can trigger a memory corruption error in the Graphics Driver component to execute arbitrary code [CVE-2018-4384].

A remote user can trigger a memory corruption error in the ICU component to cause denial of service [CVE-2018-4394].

An application can trigger a memory corruption error in the IOHIDFamily component to execute arbitrary code with kernel privileges [CVE-2018-4427].

An application can trigger a privilege escalation flaw in the IPSec component [CVE-2018-4371].

An application can trigger a memory corruption error in the the kernel component to execute arbitrary code with kernel privileges [CVE-2018-4420].

An application can trigger a memory handling error in the the kernel component to read restricted memory [CVE-2018-4413].

An application can trigger a memory corruption error in the the kernel component to execute arbitrary code with kernel privileges [CVE-2018-4419].

A remote user can send a specially crafted flaw in the Messages component to cause user interface spoofing [CVE-2018-4390, CVE-2018-4391].

A remote user can trigger a logic error in the NetworkExtension component to cause DNS queries to be leaked [CVE-2018-4369].

A local user can trigger a flaw in the Notes component to share the device [CVE-2018-4388].

A remote user can trigger a logic error in the Safari Reader component to conduct cross site scripting attacks [CVE-2018-4374].

A remote user can trigger a flaw in the Safari Reader component to conduct cross site scripting attacks [CVE-2018-4377].

A remote user can trigger a flaw in the Security component to cause denial of service conditions [CVE-2018-4400].

A local user can trigger a flaw in the access to photos via Reply With Message on a locked device [CVE-2018-4387].

A remote user can trigger a logic error in the WebKit component to spoof the address [CVE-2018-4385].

A remote user can trigger a memory corruption error in the WebKit component to execute arbitrary code [CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, CVE-2018-4416].

A remote user can trigger a flaw in the WebKit component to cause denial of service conditions [CVE-2018-4409].

A remote user in a privileged network position can trigger a flaw in the WiFi component to cause denial of service conditions [CVE-2018-4368].

010 working with Trend Micro's Zero Day Initiative, HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, Juwei Lin (@panicaII) of TrendMicro Mobile Security Team, Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum, Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universit├Ąt Darmstadt,
Mohamed Ghannam (@_simo36), Natalie Silvanovich of Google Project Zero, Pangu Team, Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ryan Pickren (ryanpickren.com), Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH, Tim Michaud (@TimGMichaud) of Leviathan Security Group, Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative, Yukinobu Nagayasu of LAC Co., Ltd., an anonymous researcher, an anonymous researcher, zhunki of 360 ESG Codesafe Team, lokihardt of Google Project Zero, ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro's Zero Day Initiative, videosdebarraquito, and zhunki of 360 ESG Codesafe Team reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Apple iOS interface, access data recently submitted by the target user via web form to the interface, or take actions on the interface acting as the target user.

A remote user can conduct denial of service attacks.

Solution:   Apple has issued a fix for CVE-2018-4368, CVE-2018-4369, CVE-2018-4371, CVE-2018-4372, CVE-2018-4373, CVE-2018-4374, CVE-2018-4375, CVE-2018-4376, CVE-2018-4377, CVE-2018-4378, CVE-2018-4382, CVE-2018-4384, CVE-2018-4386, CVE-2018-4392, CVE-2018-4394, CVE-2018-4398, CVE-2018-4400, CVE-2018-4413, CVE-2018-4416, CVE-2018-4419, and CVE-2018-4420 for Apple Watch.

The Apple advisory is available at:

https://support.apple.com/en-us/HT209195

Vendor URL:  support.apple.com/en-us/HT209195 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error

Message History:   This archive entry is a follow-up to the message listed below.
Oct 30 2018 Apple iOS Multiple Remote Code Execution, Denial of Service, and Cross-Site Scripting Attacks



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC