Apple Macos High Sierra vulnerabilities

CVE-2017-13890 [HIGH] CVE-2017-13890: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13890 Component: CoreTypes Impact: Processing a maliciously crafted webpage may result in the mounting of a disk image Description: A logic issue was addressed with improved restrictions.

CVE-2017-9049 [HIGH] CVE-2017-9049: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-9049 Component: CVE-2017-9233 Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: A null pointer dereference was addressed with improved validation.

CVE-2017-0381 [HIGH] CVE-2017-0381: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-0381 Component: CoreAudio Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4.

CVE-2017-13814 [HIGH] CVE-2017-13814: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13814 Component: ImageIO Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4302 [HIGH] CVE-2018-4302: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2018-4302 Component: CVE-2017-9233 Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: A null pointer dereference was addressed with improved validation.

CVE-2017-13908 [HIGH] CVE-2017-13908: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13908 Component: SMB Impact: A local attacker may be able to execute non-executable text files via an SMB share Description: An issue in handling file permissions was addressed with improved validation.

CVE-2017-13816 [HIGH] CVE-2017-13816: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13816 Component: Kernel Impact: A malicious application may be able to learn information about the presence and operation of other applications on the device. Description: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addres

CVE-2017-7132 [HIGH] CVE-2017-7132: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-7132 Component: Quick Look Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: A memory consumption issue was addressed through improved memory handling.

CVE-2017-13833 [HIGH] CVE-2017-13833: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13833 Component: CFNetwork Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7077 [HIGH] CVE-2017-7077: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-7077 Component: IOFireWireFamily Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13811 [HIGH] CVE-2017-13811: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13811 Component: Fonts Impact: Rendering untrusted text may lead to spoofing Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2017-6460 [HIGH] CVE-2017-6460: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-6460 Component: Mail Drafts Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.

CVE-2017-13830 [HIGH] CVE-2017-13830: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13830 Component: HFS Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-6462 [HIGH] CVE-2017-6462: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-6462 Component: Mail Drafts Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.

CVE-2016-2161 [HIGH] CVE-2016-2161: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2016-2161 Component: CVE-2016-2161

CVE-2017-7114 [HIGH] CVE-2017-7114: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-7114 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13854 [HIGH] CVE-2017-13854: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13854 Component: Kernel Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-6452 [HIGH] CVE-2017-6452: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-6452 Component: Mail Drafts Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.

CVE-2017-13808 [HIGH] CVE-2017-13808: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13808 Component: Remote Management Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2016-4736 [HIGH] CVE-2016-4736: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2016-4736 Component: Kernel Impact: A malicious application may be able to learn information about the presence and operation of other applications on the device. Description: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addressed