Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 53 of 157
CVE-2018-4404 | HIGH | CVSS 8.8 | PoC | ≥ 10.13.0, < 10.13.5 | 2019-01-11
CVE-2018-4404 [HIGH] CWE-119: In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling.
nvd
CVE-2018-4181 | MEDIUM | CVSS 5.5 | fixed in 10.13.5 | 2019-01-11
CVE-2018-4181 [MEDIUM]: In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
nvd
CVE-2018-4256 | MEDIUM | CVSS 5.5 | fixed in 10.13.5 | 2019-01-11
CVE-2018-4256 [MEDIUM] CWE-125: In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
nvd
CVE-2018-4179 | MEDIUM | CVSS 5.5 | ≥ 10.13.0, < 10.13.4 | 2019-01-11
CVE-2018-4179 [MEDIUM] CWE-200: In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic.
nvd
CVE-2017-13886 | MEDIUM | CVSS 6.5 | fixed in 10.13.2 | 2019-01-11
CVE-2017-13886 [MEDIUM]: In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions.
nvd
CVE-2018-4255 | MEDIUM | CVSS 5.5 | fixed in 10.13.5 | 2019-01-11
CVE-2018-4255 [MEDIUM] CWE-125: In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
nvd
CVE-2018-18313 | CRITICAL | CVSS 9.1 | fixed in 10.14.4 | 2018-12-07
CVE-2018-18313 [CRITICAL] CWE-125: Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
nvd
CVE-2018-18311 | CRITICAL | CVSS 9.8 | fixed in 10.14.4 | 2018-12-07
CVE-2018-18311 [CRITICAL] CWE-190: Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
nvd
CVE-2018-5383 | MEDIUM | CVSS 6.8 | fixed in 10.13 | 2018-08-07
CVE-2018-5383 [MEDIUM] CWE-325: Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encr
nvd
CVE-2018-4229 | CRITICAL | CVSS 10.0 | fixed in 10.13.5 | 2018-06-08
CVE-2018-4229 [CRITICAL]: An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatch" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists.
nvd
CVE-2018-4243 | HIGH | CVSS 7.8 | PoC | fixed in 10.13.5 | 2018-06-08
CVE-2018-4243 [HIGH] CWE-119: An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2018-4196 | HIGH | CVSS 7.8 | fixed in 10.13.5 | 2018-06-08
CVE-2018-4196 [HIGH] CWE-200: An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive information via a crafted app.
nvd
CVE-2018-4234 | HIGH | CVSS 7.8 | fixed in 10.13.5 | 2018-06-08
CVE-2018-4234 [HIGH] CWE-119: An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2018-4219 | HIGH | CVSS 7.8 | fixed in 10.13.5 | 2018-06-08
CVE-2018-4219 [HIGH] CWE-704: An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to gain privileges via a crafted app that leverages type confusion.
nvd
CVE-2018-4242 | HIGH | CVSS 7.8 | fixed in 10.13.5 | 2018-06-08
CVE-2018-4242 [HIGH] CWE-119: An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2018-4241 | HIGH | CVSS 7.8 | PoC | fixed in 10.13.5 | 2018-06-08
CVE-2018-4241 [HIGH] CWE-119: An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2018-4206 | HIGH | CVSS 7.8 | PoC | fixed in 10.13.4 | 2018-06-08
CVE-2018-4206 [HIGH] CWE-119: An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via
nvd
CVE-2018-4221 | HIGH | CVSS 7.5 | fixed in 10.13.5 | 2018-06-08
CVE-2018-4221 [HIGH] CWE-200: An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates.
nvd
CVE-2018-4228 | HIGH | CVSS 7.0 | fixed in 10.13.5 | 2018-06-08
CVE-2018-4228 [HIGH] CWE-362: An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition.
nvd
CVE-2018-4236 | HIGH | CVSS 7.8 | fixed in 10.13.5 | 2018-06-08
CVE-2018-4236 [HIGH] CWE-119: An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd