Apple tvOS vulnerabilities

2,227 known vulnerabilities affecting apple/tvos.

Total CVEs: 2,227
CISA KEV: 41 (actively exploited)
Public exploits: 199
Exploited in wild: 31
Severity breakdown: CRITICAL 148, HIGH 1222, MEDIUM 795, LOW 59, UNKNOWN 3

Vulnerabilities

CVE-2018-4218 | HIGH | CVSS 8.8 | PoC | fixed in 11.4 | 2018-06-08
CVE-2018-4218 [HIGH] CWE-416: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary
nvd, apple
CVE-2018-4199 | HIGH | CVSS 8.8 | fixed in 11.4 | 2018-06-08
CVE-2018-4199 [HIGH] CWE-119: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service
nvd, apple
CVE-2018-4190 | HIGH | CVSS 8.8 | fixed in 11.4 | 2018-06-08
CVE-2018-4190 [HIGH] CWE-522: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is tra
nvd, apple
CVE-2018-4237 | HIGH | CVSS 7.8 | PoC | fixed in 11.4 | 2018-06-08
CVE-2018-4237 [HIGH]: An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.
nvd, apple
CVE-2018-4232 | MEDIUM | CVSS 4.3 | fixed in 11.4 | 2018-06-08
CVE-2018-4232 [MEDIUM]: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site.
nvd, apple
CVE-2018-4240 | MEDIUM | CVSS 6.5 | PoC | fixed in 11.4 | 2018-06-08
CVE-2018-4240 [MEDIUM] CWE-20: An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.
nvd, apple
CVE-2018-4404 | HIGH | CVSS 8.8 | PoC | v11.4 | 2018-05-29
CVE-2018-4404 [HIGH]: tvOS 11.4 (Apple Security Update: About the security content of tvOS 11.4). Product: tvOS; Version: 11.4; Component: Kernel. Impact: An application may be able to execute arbitrary code with kernel privileges. Description: A buffer overflow was addressed with improved bounds checking.
apple
CVE-2018-4211 | HIGH | CVSS 7.8 | v11.4 | 2018-05-29
CVE-2018-4211 [HIGH]: tvOS 11.4 (Apple Security Update: About the security content of tvOS 11.4). Product: tvOS; Version: 11.4; Component: FontParser. Impact: Processing a maliciously crafted font file may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved validation.
apple
CVE-2018-4243 | HIGH | CVSS 7.8 | PoC | v11.4 | 2018-05-29
CVE-2018-4243 [HIGH]: tvOS 11.4 (Apple Security Update: About the security content of tvOS 11.4). Product: tvOS; Version: 11.4; Component: Kernel. Impact: An application may be able to execute arbitrary code with kernel privileges. Description: A buffer overflow was addressed with improved bounds checking.
apple
CVE-2018-4249 | HIGH | CVSS 7.8 | v11.4 | 2018-05-29
CVE-2018-4249 [HIGH]: tvOS 11.4 (Apple Security Update: About the security content of tvOS 11.4). Product: tvOS; Version: 11.4; Component: Kernel. Impact: An application may be able to execute arbitrary code with kernel privileges. Description: A memory corruption issue was addressed with improved memory handling.
apple
CVE-2018-4206 | HIGH | CVSS 7.8 | PoC | v11.4 | 2018-05-29
CVE-2018-4206 [HIGH]: tvOS 11.4 (Apple Security Update: About the security content of tvOS 11.4). Product: tvOS; Version: 11.4; Component: Crash Reporter. Impact: An application may be able to gain elevated privileges. Description: A memory corruption issue was addressed with improved error handling.
apple
CVE-2018-4241 | HIGH | CVSS 7.8 | PoC | v11.4 | 2018-05-29
CVE-2018-4241 [HIGH]: tvOS 11.4 (Apple Security Update: About the security content of tvOS 11.4). Product: tvOS; Version: 11.4; Component: Kernel. Impact: An application may be able to execute arbitrary code with kernel privileges. Description: A buffer overflow was addressed with improved bounds checking.
apple
CVE-2018-4198 | MEDIUM | CVSS 5.5 | v11.4 | 2018-05-29
CVE-2018-4198 [MEDIUM]: tvOS 11.4 (Apple Security Update: About the security content of tvOS 11.4). Product: tvOS; Version: 11.4; Component: UIKit. Impact: Processing a maliciously crafted text file may lead to a denial of service. Description: A validation issue existed in the handling of text. This issue was addressed with improved validation of text.
apple
CVE-2018-4188 | MEDIUM | CVSS 6.5 | v11.4 | 2018-05-29
CVE-2018-4188 [MEDIUM]: tvOS 11.4 (Apple Security Update: About the security content of tvOS 11.4). Product: tvOS; Version: 11.4; Component: WebKit. Impact: Visiting a malicious website may lead to address bar spoofing. Description: An inconsistent user interface issue was addressed with improved state management.
apple
CVE-2018-4224 | MEDIUM | CVSS 5.5 | v11.4 | 2018-05-29
CVE-2018-4224 [MEDIUM]: tvOS 11.4 (Apple Security Update: About the security content of tvOS 11.4). Product: tvOS; Version: 11.4; Component: Security. Impact: A local user may be able to read a persistent device identifier. Description: An authorization issue was addressed with improved state management.
apple
CVE-2018-4187 | MEDIUM | CVSS 6.5 | v11.4 | 2018-05-29
CVE-2018-4187 [MEDIUM]: tvOS 11.4 (Apple Security Update: About the security content of tvOS 11.4). Product: tvOS; Version: 11.4; Component: LinkPresentation. Impact: Processing a maliciously crafted text message may lead to UI spoofing. Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
apple
CVE-2018-4223 | MEDIUM | CVSS 5.5 | v11.4 | 2018-05-29
CVE-2018-4223 [MEDIUM]: tvOS 11.4 (Apple Security Update: About the security content of tvOS 11.4). Product: tvOS; Version: 11.4; Component: Security. Impact: A local user may be able to read a persistent account identifier. Description: An authorization issue was addressed with improved state management.
apple
CVE-2018-4235 | MEDIUM | CVSS 5.5 | v11.4 | 2018-05-29
CVE-2018-4235 [MEDIUM]: tvOS 11.4 (Apple Security Update: About the security content of tvOS 11.4). Product: tvOS; Version: 11.4; Component: Messages. Impact: A local user may be able to conduct impersonation attacks. Description: An injection issue was addressed with improved input validation.
apple
CVE-2018-4115 | CRITICAL | CVSS 9.8 | fixed in 11.3 | 2018-04-03
CVE-2018-4115 [CRITICAL] CWE-281: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profil
nvd, apple
CVE-2018-4124 | CRITICAL | CVSS 9.8 | fixed in 11.2.6 | 2018-04-03
CVE-2018-4124 [CRITICAL] CWE-119: An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13.3 Supplemental Update is affected. tvOS before 11.2.6 is affected. watchOS before 4.2.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly
nvd, apple