Apple Macos High Sierra vulnerabilities

CVE-2017-13841 [MEDIUM] CVE-2017-13841: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13841 Component: Kernel Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2017-6464 [MEDIUM] CVE-2017-6464: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-6464 Component: Mail Drafts Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.

CVE-2017-13909 [MEDIUM] CVE-2017-13909: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13909 Impact: A local attacker may gain access to iCloud authentication tokens Description: An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain.

CVE-2017-13822 [MEDIUM] CVE-2017-13822: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13822 Component: Quick Look Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2017-6463 [MEDIUM] CVE-2017-6463: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-6463 Component: Mail Drafts Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.

CVE-2017-7078 [MEDIUM] CVE-2017-7078: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-7078 Component: Mail Drafts Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.

CVE-2017-13819 [MEDIUM] CVE-2017-13819: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13819 Component: HelpViewer Impact: A quarantined HTML file may execute arbitrary JavaScript cross-origin Description: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file.

CVE-2017-7141 [MEDIUM] CVE-2017-7141: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-7141 Component: Mail Impact: The sender of an email may be able to determine the IP address of the recipient Description: Turning off "Load remote content in messages" did not apply to all mailboxes. This issue was addressed with improved setting propagation.

CVE-2017-7083 [MEDIUM] CVE-2017-7083: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-7083 Component: CFNetwork Proxies Impact: An attacker in a privileged network position may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling.

CVE-2017-13828 [MEDIUM] CVE-2017-13828: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13828 Component: Fonts Impact: Rendering untrusted text may lead to spoofing Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2017-13810 [MEDIUM] CVE-2017-13810: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13810 Component: Kernel Impact: A local user may be able to leak sensitive user information Description: A permissions issue existed in kernel packet counters. This issue was addressed through improved permission validation.

CVE-2017-13818 [MEDIUM] CVE-2017-13818: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13818 Component: Kernel Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2017-13910 [MEDIUM] CVE-2017-13910: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13910 Component: CVE-2017-13910

CVE-2016-9042 [MEDIUM] CVE-2016-9042: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2016-9042 Component: Mail Drafts Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.

CVE-2017-13782 [MEDIUM] CVE-2017-13782: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13782 Component: Kernel Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2017-13836 [MEDIUM] CVE-2017-13836: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13836 Component: Kernel Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2017-7119 [MEDIUM] CVE-2017-7119: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-7119 Component: IOFireWireFamily Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2017-13817 [MEDIUM] CVE-2017-13817: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13817 Component: Kernel Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.

CVE-2017-13842 [MEDIUM] CVE-2017-13842: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-13842 Component: Kernel Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2017-7138 [LOW] CVE-2017-7138: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-7138 Component: Directory Utility Impact: A local attacker may be able to determine the Apple ID of the owner of the computer Description: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls.