Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 58 of 157
CVE-2017-13839 | MEDIUM | CVSS 5.5 | v10.13.0 | 2018-04-03
CWE-200: An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files.
nvd
CVE-2018-4086 | MEDIUM | CVSS 5.9 | fixed in 10.13.3 | 2018-04-03
CWE-295: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints.
nvd
CVE-2018-4092 | MEDIUM | CVSS 4.7 | fixed in 10.13.3 | 2018-04-03
CWE-362: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd
CVE-2018-4176 | MEDIUM | CVSS 5.5 | fixed in 10.13.4 | 2018-04-03
CWE-20: An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Images" component. It allows attackers to trigger an app launch upon mounting a crafted disk image.
nvd
CVE-2017-13873 | MEDIUM | CVSS 4.3 | fixed in 10.13 | 2018-04-03
CWE-200: An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app.
nvd
CVE-2018-4107 | MEDIUM | CVSS 6.5 | fixed in 10.13.4 | 2018-04-03
CWE-20: An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "PDFKit" component. It allows remote attackers to bypass intended restrictions on visiting URLs within a PDF document.
nvd
CVE-2018-4093 | MEDIUM | CVSS 5.5 | fixed in 10.13.3 | 2018-04-03
CWE-200: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd
CVE-2017-7070 | MEDIUM | CVSS 6.8 | fixed in 10.12.4 | 2018-04-03
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows physically proximate attackers to bypass the screen-locking protection mechanism that should have been in place upon closing the lid.
nvd
CVE-2018-4138 | MEDIUM | CVSS 5.5 | fixed in 10.13.4 | 2018-04-03
CWE-200: An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd
CVE-2018-4174 | MEDIUM | CVSS 5.9 | fixed in 10.13.4 | 2018-04-03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.
nvd
CVE-2017-7003 | MEDIUM | CVSS 5.5 | fixed in 10.12.5 | 2018-04-03
CWE-20: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file.
nvd
CVE-2018-4111 | MEDIUM | CVSS 5.9 | fixed in 10.13.4 | 2018-04-03
CWE-347: An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature.
nvd
CVE-2018-4104 | MEDIUM | CVSS 5.5 | fixed in 10.13.4 | 2018-04-03
CWE-200: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd
CVE-2017-7173 | MEDIUM | CVSS 5.5 | fixed in 10.13.2 | 2018-04-03
CWE-200: An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd
CVE-2014-8129 | HIGH | CVSS 8.8 | v10.8.5, v10.9.5, +4 more | 2018-03-12
CWE-787: LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
nvd
CVE-2014-8130 | MEDIUM | CVSS 6.5 | v10.8.5, v10.9.5, +4 more | 2018-03-12
CWE-369: The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
nvd
CVE-2017-7155 | HIGH | CVSS 7.8 | fixed in 10.13.2 | 2017-12-27
CWE-119: An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-7163 | HIGH | CVSS 7.8 | fixed in 10.13.2 | 2017-12-27
CWE-119: An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-7162 | HIGH | CVSS 7.8 | fixed in 10.13.2 | 2017-12-27
CWE-119: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-7159 | HIGH | CVSS 7.8 | fixed in 10.13.2 | 2017-12-27
CWE-119: An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd