Apple Macos Mojave vulnerabilities

CVE-2018-4433 [MEDIUM] CVE-2018-4433: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4433 Component: DiskArbitration Impact: A malicious application may be able to modify contents of the EFI system partition and execute arbitrary code with kernel privileges if secure boot is not enabled Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks.

CVE-2018-5383 [MEDIUM] CVE-2018-5383: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-5383 Component: Bluetooth Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.

CVE-2018-4304 [MEDIUM] CVE-2018-4304: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4304 Component: Text Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation.

CVE-2018-4418 [MEDIUM] CVE-2018-4418: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4418 Component: Intel Graphics Driver Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4321 [MEDIUM] CVE-2018-4321: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4321 Component: Auto Unlock Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.

CVE-2018-4346 [MEDIUM] CVE-2018-4346: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4346 Component: Dictionary Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information Description: A validation issue existed which allowed local file access. This was addressed with input sanitization.

CVE-2016-0702 [MEDIUM] CVE-2016-0702: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2016-0702 Component: CVE-2016-0702

CVE-2018-4399 [MEDIUM] CVE-2018-4399: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4399 Component: Kernel Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.

CVE-2018-4417 [MEDIUM] CVE-2018-4417: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4417 Component: AppleGraphicsControl Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4355 [MEDIUM] CVE-2018-4355: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4355 Component: Hypervisor Impact: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis Desc

CVE-2018-4348 [MEDIUM] CVE-2018-4348: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4348 Component: Login Window Impact: A local user may be able to cause a denial of service Description: A validation issue was addressed with improved logic.

CVE-2018-3639 [MEDIUM] CVE-2018-3639: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-3639 Component: Microcode Impact: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis Descriptio

CVE-2018-3646 [MEDIUM] CVE-2018-3646: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-3646 Component: Hypervisor Impact: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis Desc

CVE-2018-4324 [MEDIUM] CVE-2018-4324: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4324 Component: App Store Impact: A malicious application may be able to determine the Apple ID of the owner of the computer Description: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls.

CVE-2017-12618 [MEDIUM] CVE-2017-12618: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2017-12618 Component: APR Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling.

CVE-2018-4406 [MEDIUM] CVE-2018-4406: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4406 Component: CUPS Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation.

CVE-2018-4338 [MEDIUM] CVE-2018-4338: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4338 Component: Wi-Fi Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4333 [MEDIUM] CVE-2018-4333: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4333 Component: Crash Reporter Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4308 [MEDIUM] CVE-2018-4308: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4308 Component: ATS Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2018-4351 [MEDIUM] CVE-2018-4351: macOS Mojave 10.14 Apple Security Update: About the security content of macOS Mojave 10.14 Product: macOS Mojave Version: 10.14 CVE: CVE-2018-4351 Component: Intel Graphics Driver Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling.