CVE-2018-4243 – Apple macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist
https://notcve.org/view.php?id=CVE-2018-4243
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.4, las versiones de macOS anteriores a la 10.13.5, las versiones de tvOS anteriores a la 11.4 y las versiones de watchOS anteriores a la 4.3.1 se han visto afectadas. • https://www.exploit-db.com/exploits/44848 http://www.securitytracker.com/id/1041027 https://bugs.chromium.org/p/project-zero/issues/detail?id=1564 https://support.apple.com/HT208848 https://support.apple.com/HT208849 https://support.apple.com/HT208850 https://support.apple.com/HT208851 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-4171
https://notcve.org/view.php?id=CVE-2018-4171
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages device properties. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.5 se han visto afectadas. • http://www.securitytracker.com/id/1041027 https://support.apple.com/HT208849 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-4227
https://notcve.org/view.php?id=CVE-2018-4227
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11.4 y las versiones de macOS anteriores a la 10.13.5. • http://www.securityfocus.com/bid/104897 http://www.securitytracker.com/id/1041027 https://efail.de/#cve https://support.apple.com/HT208848 https://support.apple.com/HT208849 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2018-4219
https://notcve.org/view.php?id=CVE-2018-4219
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to gain privileges via a crafted app that leverages type confusion. Se ha descubierto un problema en algunos productos Apple. Las versiones de macOS anteriores a la 10.13.5 se han visto afectadas. • http://www.securitytracker.com/id/1041027 https://support.apple.com/HT208849 • CWE-704: Incorrect Type Conversion or Cast •
CVE-2018-4224
https://notcve.org/view.php?id=CVE-2018-4224
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11.4, las versiones de macOS anteriores a la 10.13.5, las versiones de iCloud para Windows anteriores a la 7.5, las versiones de iTunes para Windows anteriores a la 12.7.5, las versiones de tvOS anteriores a la 11.4 y las versiones de watchOS anteriores a la 4.3.1. • http://www.securityfocus.com/bid/104378 http://www.securitytracker.com/id/1041027 https://support.apple.com/HT208848 https://support.apple.com/HT208849 https://support.apple.com/HT208850 https://support.apple.com/HT208851 https://support.apple.com/HT208852 https://support.apple.com/HT208853 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •