CVE-2018-4086
https://notcve.org/view.php?id=CVE-2018-4086
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2.5, las versiones de macOS anteriores a la 10.13.3, las versiones de tvOS anteriores a la 11.2.5 y las versiones de watchOS anteriores a la 4.2.2 se han visto afectadas. • http://www.securityfocus.com/bid/102782 http://www.securitytracker.com/id/1040265 http://www.securitytracker.com/id/1040267 https://support.apple.com/HT208462 https://support.apple.com/HT208463 https://support.apple.com/HT208464 https://support.apple.com/HT208465 • CWE-295: Improper Certificate Validation •
CVE-2018-4089 – WebKit - 'detachWrapper' Use-After-Free
https://notcve.org/view.php?id=CVE-2018-4089
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. • https://www.exploit-db.com/exploits/43937 http://www.securityfocus.com/bid/102778 http://www.securitytracker.com/id/1040265 http://www.securitytracker.com/id/1040266 http://www.securitytracker.com/id/1040267 https://support.apple.com/HT208462 https://support.apple.com/HT208463 https://support.apple.com/HT208465 https://support.apple.com/HT208475 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-4090 – macOS - 'sysctl_vfs_generic_conf' Stack Leak Through Struct Padding
https://notcve.org/view.php?id=CVE-2018-4090
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2.5, las versiones de macOS anteriores a la 10.13.3, las versiones de tvOS anteriores a la 11.2.5 y las versiones de watchOS anteriores a la 4.2.2 se han visto afectadas. • https://www.exploit-db.com/exploits/43923 http://www.securityfocus.com/bid/102782 http://www.securitytracker.com/id/1040265 http://www.securitytracker.com/id/1040267 https://support.apple.com/HT208462 https://support.apple.com/HT208463 https://support.apple.com/HT208464 https://support.apple.com/HT208465 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-4085 – Apple macOS QuartzCore render_mask Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4085
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "QuartzCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2.5, las versiones de macOS anteriores a la 10.13.3, las versiones de tvOS anteriores a la 11.2.5 y las versiones de watchOS anteriores a la 4.2.2 se han visto afectadas. • http://www.securityfocus.com/bid/102782 http://www.securitytracker.com/id/1040265 http://www.securitytracker.com/id/1040267 https://support.apple.com/HT208462 https://support.apple.com/HT208463 https://support.apple.com/HT208464 https://support.apple.com/HT208465 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-4096
https://notcve.org/view.php?id=CVE-2018-4096
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. • http://www.securityfocus.com/bid/102775 http://www.securitytracker.com/id/1040265 http://www.securitytracker.com/id/1040266 http://www.securitytracker.com/id/1040267 https://support.apple.com/HT208462 https://support.apple.com/HT208463 https://support.apple.com/HT208464 https://support.apple.com/HT208465 https://support.apple.com/HT208473 https://support.apple.com/HT208474 https://support.apple.com/HT208475 https://usn.ubuntu.com/3551-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •