CVE-2018-4241
CVSS9.3
发布时间 :2018-06-08 14:29:02
修订时间 :2018-07-17 12:12:07
NMP    

[原文]An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.


[CNNVD]CNNVD数据暂缺。


[机译]译文暂缺.

- CVSS (基础分值)

CVSS分值: 9.3 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

cpe:/a:apple:apple_tv:1.0.0Apple TV 1.0.0
cpe:/a:apple:apple_tv:1.1.0Apple TV 1.1.0
cpe:/a:apple:apple_tv:2.0.0Apple TV 2.0.0
cpe:/a:apple:apple_tv:2.0.1Apple TV 2.0.1
cpe:/a:apple:apple_tv:2.0.2Apple TV 2.0.2
cpe:/a:apple:apple_tv:2.1.0Apple TV 2.1.0
cpe:/a:apple:apple_tv:2.2.0Apple TV 2.2.0
cpe:/a:apple:apple_tv:2.3.0Apple TV 2.3.0
cpe:/a:apple:apple_tv:2.3.1Apple TV 2.3.1
cpe:/a:apple:apple_tv:2.4.0Apple TV 2.4.0
cpe:/a:apple:apple_tv:3.0.0Apple TV 3.0.0
cpe:/a:apple:apple_tv:3.0.1Apple TV 3.0.1
cpe:/a:apple:apple_tv:3.0.2Apple TV 3.0.2
cpe:/a:apple:apple_tv:4.1.0Apple TV 4.1.0
cpe:/a:apple:apple_tv:4.1.1Apple TV 4.1.1
cpe:/a:apple:apple_tv:4.2.0Apple TV 4.2.0
cpe:/a:apple:apple_tv:4.2.1Apple TV 4.2.1
cpe:/a:apple:apple_tv:4.2.2Apple TV 4.2.2
cpe:/a:apple:apple_tv:4.3.0Apple TV 4.3.0
cpe:/a:apple:apple_tv:4.4.0Apple TV 4.4.0
cpe:/a:apple:apple_tv:4.4.2Apple TV 4.4.2
cpe:/a:apple:apple_tv:4.4.3Apple TV 4.4.3
cpe:/a:apple:apple_tv:4.4.4Apple TV 4.4.4
cpe:/a:apple:apple_tv:5.0.0Apple TV 5.0.0
cpe:/a:apple:apple_tv:5.0.1Apple TV 5.0.1
cpe:/a:apple:apple_tv:5.0.2Apple TV 5.0.2
cpe:/a:apple:apple_tv:5.1.0Apple TV 5.1.0
cpe:/a:apple:apple_tv:5.1.1Apple TV 5.1.1
cpe:/a:apple:apple_tv:5.2.0Apple TV 5.2.0
cpe:/a:apple:apple_tv:6.0
cpe:/a:apple:apple_tv:6.0.1
cpe:/a:apple:apple_tv:6.0.2
cpe:/a:apple:apple_tv:6.1
cpe:/a:apple:apple_tv:6.1.1
cpe:/a:apple:apple_tv:6.1.2
cpe:/a:apple:apple_tv:6.2
cpe:/a:apple:apple_tv:6.2.1
cpe:/a:apple:apple_tv:7.0
cpe:/a:apple:apple_tv:7.0.1
cpe:/a:apple:apple_tv:7.0.3
cpe:/a:apple:apple_tv:7.1
cpe:/a:apple:apple_tv:9.0.1
cpe:/a:apple:apple_tv:9.1.1
cpe:/a:apple:apple_tv:10.0
cpe:/a:apple:apple_tv:10.0.1
cpe:/a:apple:apple_tv:10.1
cpe:/a:apple:apple_tv:10.1.1
cpe:/a:apple:apple_tv:10.2
cpe:/a:apple:apple_tv:10.2.1
cpe:/a:apple:apple_tv:10.2.2
cpe:/a:apple:apple_tv:11.0
cpe:/a:apple:apple_tv:11.1
cpe:/o:apple:iphone_os:1.0.0Apple iPhone OS 1.0.0
cpe:/o:apple:iphone_os:1.0.0:-:iphoneApple iPhone OS 1.0.0 iPhone
cpe:/o:apple:iphone_os:1.0.1Apple iPhone OS 1.0.1
cpe:/o:apple:iphone_os:1.0.1:-:iphoneApple iPhone OS 1.0.1 iPhone
cpe:/o:apple:iphone_os:1.0.2Apple iPhone OS 1.0.2
cpe:/o:apple:iphone_os:1.0.2:-:iphoneApple iPhone OS 1.0.2 iPhone
cpe:/o:apple:iphone_os:1.1.0Apple iPhone OS 1.1.0
cpe:/o:apple:iphone_os:1.1.0:-:iphoneApple iPhone OS 1.1.0 iPhone
cpe:/o:apple:iphone_os:1.1.0:-:ipodtouchApple iPhone OS 1.1.0 iPodTouch
cpe:/o:apple:iphone_os:1.1.1Apple iPhone OS 1.1.1
cpe:/o:apple:iphone_os:1.1.1:-:iphoneApple iPhone OS 1.1.1 iPhone
cpe:/o:apple:iphone_os:1.1.1:-:ipodtouchApple iPhone OS 1.1.1 iPodTouch
cpe:/o:apple:iphone_os:1.1.2Apple iPhone OS 1.1.2
cpe:/o:apple:iphone_os:1.1.2:-:iphoneApple iPhone OS 1.1.2 iPhone
cpe:/o:apple:iphone_os:1.1.2:-:ipodtouchApple iPhone OS 1.1.2 iPodTouch
cpe:/o:apple:iphone_os:1.1.3Apple iPhone OS 1.1.3
cpe:/o:apple:iphone_os:1.1.3:-:iphoneApple iPhone OS 1.1.3 iPhone
cpe:/o:apple:iphone_os:1.1.3:-:ipodtouchApple iPhone OS 1.1.3 iPodTouch
cpe:/o:apple:iphone_os:1.1.4Apple iPhone OS 1.1.4
cpe:/o:apple:iphone_os:1.1.4:-:iphoneApple iPhone OS 1.1.4 iPhone
cpe:/o:apple:iphone_os:1.1.4:-:ipodtouchApple iPhone OS 1.1.4 iPodTouch
cpe:/o:apple:iphone_os:1.1.5Apple iPhone OS 1.1.5
cpe:/o:apple:iphone_os:1.1.5:-:iphoneApple iPhone OS 1.1.5 iPhone
cpe:/o:apple:iphone_os:1.1.5:-:ipodtouchApple iPhone OS 1.1.5 iPodTouch
cpe:/o:apple:iphone_os:2.0Apple iPhone OS 2.0
cpe:/o:apple:iphone_os:2.0.0Apple iPhone OS 2.0.0
cpe:/o:apple:iphone_os:2.0.0:-:iphoneApple iPhone OS 2.0.0 iPhone
cpe:/o:apple:iphone_os:2.0.0:-:ipodtouchApple iPhone OS 2.0.0 iPodTouch
cpe:/o:apple:iphone_os:2.0.1Apple iPhone OS 2.0.1
cpe:/o:apple:iphone_os:2.0.1:-:iphoneApple iPhone OS 2.0.1
cpe:/o:apple:iphone_os:2.0.1:-:ipodtouchApple iPhone OS 2.0.1 iPodTouch
cpe:/o:apple:iphone_os:2.0.2Apple iPhone OS 2.0.2
cpe:/o:apple:iphone_os:2.0.2:-:iphoneApple iPhone OS 2.0.2 iPhone
cpe:/o:apple:iphone_os:2.0.2:-:ipodtouchApple iPhone OS 2.0.2 iPodTouch
cpe:/o:apple:iphone_os:2.1Apple iPhone OS 2.1
cpe:/o:apple:iphone_os:2.1:-:iphoneApple iPhone OS 2.1 iPhone
cpe:/o:apple:iphone_os:2.1:-:ipodtouchApple iPhone OS 2.1 iPodTouch
cpe:/o:apple:iphone_os:2.1.1Apple iPhone OS 2.1.1
cpe:/o:apple:iphone_os:2.2Apple iPhone OS 2.2
cpe:/o:apple:iphone_os:2.2:-:iphoneApple iPhone OS 2.2 iPhone
cpe:/o:apple:iphone_os:2.2:-:ipodtouchApple iPhone OS 2.2 iPodTouch
cpe:/o:apple:iphone_os:2.2.1Apple iPhone OS 2.2.1
cpe:/o:apple:iphone_os:2.2.1:-:iphoneApple iPhone OS 2.2.1 iPhone
cpe:/o:apple:iphone_os:2.2.1:-:ipodtouchApple iPhone OS 2.2.1 iPodTouch
cpe:/o:apple:iphone_os:3.0Apple iPhone OS 3.0
cpe:/o:apple:iphone_os:3.0:-:iphoneApple iPhone OS 3.0 iPhone
cpe:/o:apple:iphone_os:3.0:-:ipodtouchApple iPhone OS 3.0 iPodTouch
cpe:/o:apple:iphone_os:3.0.1Apple iPhone OS 3.0.1
cpe:/o:apple:iphone_os:3.0.1:-:iphoneApple iPhone OS 3.0.1 iPhone
cpe:/o:apple:iphone_os:3.0.1:-:ipodtouchApple iPhone OS 3.0.1 iPodTouch
cpe:/o:apple:iphone_os:3.1Apple iPhone OS 3.1
cpe:/o:apple:iphone_os:3.1:-:iphoneApple iPhone OS 3.1 iPhone
cpe:/o:apple:iphone_os:3.1:-:ipodtouchApple iPhone OS 3.1 iPodTouch
cpe:/o:apple:iphone_os:3.1.2Apple iPhone OS 3.1.2
cpe:/o:apple:iphone_os:3.1.2:-:iphoneApple iPhone OS 3.1.2 iPhone
cpe:/o:apple:iphone_os:3.1.2:-:ipodtouchApple iPhone OS 3.1.2 iPodTouch
cpe:/o:apple:iphone_os:3.1.3Apple iPhone OS 3.1.3
cpe:/o:apple:iphone_os:3.1.3:-:iphoneApple iPhone OS 3.1.3 iPhone
cpe:/o:apple:iphone_os:3.1.3:-:ipodtouchApple iPhone OS 3.1.3 iPodTouch
cpe:/o:apple:iphone_os:3.2Apple iPhone OS 3.2
cpe:/o:apple:iphone_os:3.2:-:iphoneApple iPhone OS 3.2 iPhone
cpe:/o:apple:iphone_os:3.2:-:ipodtouchApple iPhone OS 3.2 iPodTouch
cpe:/o:apple:iphone_os:3.2.1Apple iPhone OS 3.2.1
cpe:/o:apple:iphone_os:3.2.1:-:ipadApple iPhone OS 3.2.1:-:ipad
cpe:/o:apple:iphone_os:3.2.2Apple iPhone OS 3.2.2
cpe:/o:apple:iphone_os:4.0Apple iPhone OS 4.0
cpe:/o:apple:iphone_os:4.0:-:iphoneApple iPhone OS 4.0 iPhone
cpe:/o:apple:iphone_os:4.0:-:ipodtouchApple iPhone OS 4.0 iPodTouch
cpe:/o:apple:iphone_os:4.0.1Apple iPhone OS 4.0.1
cpe:/o:apple:iphone_os:4.0.1:-:iphoneApple iPhone OS 4.0.1 iPhone
cpe:/o:apple:iphone_os:4.0.1:-:ipodtouchApple iPhone OS 4.0.1 iPodTouch
cpe:/o:apple:iphone_os:4.0.2Apple iPhone OS 4.0.2
cpe:/o:apple:iphone_os:4.1Apple iPhone OS 4.1
cpe:/o:apple:iphone_os:4.2.1Apple iPhone OS 4.2.1
cpe:/o:apple:iphone_os:4.2.5Apple iPhone OS 4.2.5
cpe:/o:apple:iphone_os:4.2.8Apple iPhone OS 4.2.8
cpe:/o:apple:iphone_os:4.3.0Apple iPhone OS 4.3.0
cpe:/o:apple:iphone_os:4.3.1Apple iPhone OS 4.3.1
cpe:/o:apple:iphone_os:4.3.2Apple iPhone OS 4.3.2
cpe:/o:apple:iphone_os:4.3.3Apple iPhone OS 4.3.3
cpe:/o:apple:iphone_os:4.3.5Apple iPhone OS 4.3.5
cpe:/o:apple:iphone_os:4.3.5:-:ipadApple iPhone OS 4.3.5 iPad
cpe:/o:apple:iphone_os:4.3.5:-:ipodtouchApple iPhone OS 4.3.5 iPodTouch
cpe:/o:apple:iphone_os:5.0Apple iPhone OS 5.0
cpe:/o:apple:iphone_os:5.0:-:ipadApple iPhone OS 5.0 iPad
cpe:/o:apple:iphone_os:5.0:-:iphoneApple iPhone OS 5.0 iPhone
cpe:/o:apple:iphone_os:5.0:-:ipodtouchApple iPhone OS 5.0iPod touch
cpe:/o:apple:iphone_os:5.0.1Apple iPhone OS 5.0.1
cpe:/o:apple:iphone_os:5.0.1:-:ipadApple iPhone OS 5.0.1 iPad
cpe:/o:apple:iphone_os:5.0.1:-:iphoneApple iPhone OS 5.0.1 iPhone
cpe:/o:apple:iphone_os:5.0.1:-:ipodtouchApple iPhone OS 5.0.1 iPod touch
cpe:/o:apple:iphone_os:5.1Apple iPhone OS 5.1
cpe:/o:apple:iphone_os:5.1.1Apple iPhone OS 5.1.1
cpe:/o:apple:iphone_os:6.0Apple iPhone OS 6.0
cpe:/o:apple:iphone_os:6.0.1Apple iPhone OS 6.0.1
cpe:/o:apple:iphone_os:6.0.2Apple iPhone OS 6.0.2
cpe:/o:apple:iphone_os:6.1Apple iPhone OS 6.1
cpe:/o:apple:iphone_os:6.1.2
cpe:/o:apple:iphone_os:6.1.3
cpe:/o:apple:iphone_os:6.1.4
cpe:/o:apple:iphone_os:6.1.5
cpe:/o:apple:iphone_os:6.1.6
cpe:/o:apple:iphone_os:7.0
cpe:/o:apple:iphone_os:7.0.1
cpe:/o:apple:iphone_os:7.0.2
cpe:/o:apple:iphone_os:7.0.3
cpe:/o:apple:iphone_os:7.0.4
cpe:/o:apple:iphone_os:7.0.5
cpe:/o:apple:iphone_os:7.0.6
cpe:/o:apple:iphone_os:7.1
cpe:/o:apple:iphone_os:7.1.1
cpe:/o:apple:iphone_os:7.1.2
cpe:/o:apple:iphone_os:8.0
cpe:/o:apple:iphone_os:8.0.1
cpe:/o:apple:iphone_os:8.0.2
cpe:/o:apple:iphone_os:8.1
cpe:/o:apple:iphone_os:8.1.2
cpe:/o:apple:iphone_os:8.1.3
cpe:/o:apple:iphone_os:8.2
cpe:/o:apple:iphone_os:8.4.1
cpe:/o:apple:iphone_os:9.0
cpe:/o:apple:iphone_os:9.0.1
cpe:/o:apple:iphone_os:9.0.2
cpe:/o:apple:iphone_os:9.1
cpe:/o:apple:iphone_os:9.2
cpe:/o:apple:iphone_os:9.2.1
cpe:/o:apple:iphone_os:9.3
cpe:/o:apple:iphone_os:9.3.1
cpe:/o:apple:iphone_os:9.3.2
cpe:/o:apple:iphone_os:9.3.3
cpe:/o:apple:iphone_os:9.3.4
cpe:/o:apple:iphone_os:9.3.5
cpe:/o:apple:iphone_os:10.0
cpe:/o:apple:iphone_os:10.0.1
cpe:/o:apple:iphone_os:10.0.2
cpe:/o:apple:iphone_os:10.0.3
cpe:/o:apple:iphone_os:10.1
cpe:/o:apple:iphone_os:10.1.1
cpe:/o:apple:iphone_os:10.2
cpe:/o:apple:iphone_os:10.2.1
cpe:/o:apple:iphone_os:10.3
cpe:/o:apple:iphone_os:10.3.1
cpe:/o:apple:iphone_os:10.3.2
cpe:/o:apple:iphone_os:10.3.3
cpe:/o:apple:iphone_os:11.0
cpe:/o:apple:iphone_os:11.0.1
cpe:/o:apple:iphone_os:11.0.2
cpe:/o:apple:iphone_os:11.0.3
cpe:/o:apple:iphone_os:11.1
cpe:/o:apple:iphone_os:11.1.1
cpe:/o:apple:iphone_os:11.1.2
cpe:/o:apple:mac_os_x:-
cpe:/o:apple:mac_os_x:10.0Apple Mac OS X 10.0
cpe:/o:apple:mac_os_x:10.0.0Apple Mac OS X 10.0.0
cpe:/o:apple:mac_os_x:10.0.1Apple Mac OS X 10.0.1
cpe:/o:apple:mac_os_x:10.0.2Apple Mac OS X 10.0.2
cpe:/o:apple:mac_os_x:10.0.3Apple Mac OS X 10.0.3
cpe:/o:apple:mac_os_x:10.0.4Apple Mac OS X 10.0.4
cpe:/o:apple:mac_os_x:10.1Apple Mac OS X 10.1
cpe:/o:apple:mac_os_x:10.1.0Apple Mac OS X 10.1.0
cpe:/o:apple:mac_os_x:10.1.1Apple Mac OS X 10.1.1
cpe:/o:apple:mac_os_x:10.1.2Apple Mac OS X 10.1.2
cpe:/o:apple:mac_os_x:10.1.3Apple Mac OS X 10.1.3
cpe:/o:apple:mac_os_x:10.1.4Apple Mac OS X 10.1.4
cpe:/o:apple:mac_os_x:10.1.5Apple Mac OS X 10.1.5
cpe:/o:apple:mac_os_x:10.2Apple Mac OS X 10.2
cpe:/o:apple:mac_os_x:10.2.0Apple Mac OS X 10.2.0
cpe:/o:apple:mac_os_x:10.2.1Apple Mac OS X 10.2.1
cpe:/o:apple:mac_os_x:10.2.2Apple Mac OS X 10.2.2
cpe:/o:apple:mac_os_x:10.2.3Apple Mac OS X 10.2.3
cpe:/o:apple:mac_os_x:10.2.4Apple Mac OS X 10.2.4
cpe:/o:apple:mac_os_x:10.2.5Apple Mac OS X 10.2.5
cpe:/o:apple:mac_os_x:10.2.6Apple Mac OS X 10.2.6
cpe:/o:apple:mac_os_x:10.2.7Apple Mac OS X 10.2.7
cpe:/o:apple:mac_os_x:10.2.8Apple Mac OS X 10.2.8
cpe:/o:apple:mac_os_x:10.3Apple Mac OS X 10.3
cpe:/o:apple:mac_os_x:10.3.0Apple Mac OS X 10.3.0
cpe:/o:apple:mac_os_x:10.3.1Apple Mac OS X 10.3.1
cpe:/o:apple:mac_os_x:10.3.2Apple Mac OS X 10.3.2
cpe:/o:apple:mac_os_x:10.3.3Apple Mac OS X 10.3.3
cpe:/o:apple:mac_os_x:10.3.4Apple Mac OS X 10.3.4
cpe:/o:apple:mac_os_x:10.3.5Apple Mac OS X 10.3.5
cpe:/o:apple:mac_os_x:10.3.6Apple Mac OS X 10.3.6
cpe:/o:apple:mac_os_x:10.3.7Apple Mac OS X 10.3.7
cpe:/o:apple:mac_os_x:10.3.8Apple Mac OS X 10.3.8
cpe:/o:apple:mac_os_x:10.3.9Apple Mac OS X 10.3.9
cpe:/o:apple:mac_os_x:10.4Apple Mac OS X 10.4
cpe:/o:apple:mac_os_x:10.4.0Apple Mac OS X 10.4.0
cpe:/o:apple:mac_os_x:10.4.1Apple Mac OS X 10.4.1
cpe:/o:apple:mac_os_x:10.4.2Apple Mac OS X 10.4.2
cpe:/o:apple:mac_os_x:10.4.3Apple Mac OS X 10.4.3
cpe:/o:apple:mac_os_x:10.4.4Apple Mac OS X 10.4.4
cpe:/o:apple:mac_os_x:10.4.5Apple Mac OS X 10.4.5
cpe:/o:apple:mac_os_x:10.4.6Apple Mac OS X 10.4.6
cpe:/o:apple:mac_os_x:10.4.7Apple Mac OS X 10.4.7
cpe:/o:apple:mac_os_x:10.4.8Apple Mac OS X 10.4.8
cpe:/o:apple:mac_os_x:10.4.9Apple Mac OS X 10.4.9
cpe:/o:apple:mac_os_x:10.4.10Apple Mac OS X 10.4.10
cpe:/o:apple:mac_os_x:10.4.11Apple Mac OS X 10.4.11
cpe:/o:apple:mac_os_x:10.5Apple Mac OS X 10.5
cpe:/o:apple:mac_os_x:10.5.0Apple Mac OS X 10.5.0
cpe:/o:apple:mac_os_x:10.5.1Apple Mac OS X 10.5.1
cpe:/o:apple:mac_os_x:10.5.2Apple Mac OS X 10.5.2
cpe:/o:apple:mac_os_x:10.5.3Apple Mac OS X 10.5.3
cpe:/o:apple:mac_os_x:10.5.4Apple Mac OS X 10.5.4
cpe:/o:apple:mac_os_x:10.5.5Apple Mac OS X 10.5.5
cpe:/o:apple:mac_os_x:10.5.6Apple Mac OS X 10.5.6
cpe:/o:apple:mac_os_x:10.5.7Apple Mac OS X 10.5.7
cpe:/o:apple:mac_os_x:10.5.8Apple Mac OS X 10.5.8
cpe:/o:apple:mac_os_x:10.6.0Apple Mac OS X 10.6.0
cpe:/o:apple:mac_os_x:10.6.1Apple Mac OS X 10.6.1
cpe:/o:apple:mac_os_x:10.6.2Apple Mac OS X 10.6.2
cpe:/o:apple:mac_os_x:10.6.3Apple Mac OS X 10.6.3
cpe:/o:apple:mac_os_x:10.6.4Apple Mac OS X 10.6.4
cpe:/o:apple:mac_os_x:10.6.5Apple Mac OS X 10.6.5
cpe:/o:apple:mac_os_x:10.6.6Apple Mac OS X 10.6.6
cpe:/o:apple:mac_os_x:10.6.7Apple Mac OS X 10.6.7
cpe:/o:apple:mac_os_x:10.6.8Apple Mac OS X 10.6.8
cpe:/o:apple:mac_os_x:10.7.0Apple Mac OS X 10.7.0
cpe:/o:apple:mac_os_x:10.7.1Apple Mac OS X 10.7.1
cpe:/o:apple:mac_os_x:10.7.2Apple Mac OS X 10.7.2
cpe:/o:apple:mac_os_x:10.7.3Apple Mac OS X 10.7.3
cpe:/o:apple:mac_os_x:10.7.4Apple Mac OS X 10.7.4
cpe:/o:apple:mac_os_x:10.7.5Apple Mac OS X 10.7.5
cpe:/o:apple:mac_os_x:10.8.0
cpe:/o:apple:mac_os_x:10.8.1
cpe:/o:apple:mac_os_x:10.8.2
cpe:/o:apple:mac_os_x:10.8.3
cpe:/o:apple:mac_os_x:10.8.4
cpe:/o:apple:mac_os_x:10.8.5
cpe:/o:apple:mac_os_x:10.8.5:supplemental_update
cpe:/o:apple:mac_os_x:10.9
cpe:/o:apple:mac_os_x:10.9.1
cpe:/o:apple:mac_os_x:10.9.2
cpe:/o:apple:mac_os_x:10.9.3
cpe:/o:apple:mac_os_x:10.9.4
cpe:/o:apple:mac_os_x:10.9.5
cpe:/o:apple:mac_os_x:10.10.0
cpe:/o:apple:mac_os_x:10.10.1
cpe:/o:apple:mac_os_x:10.10.2
cpe:/o:apple:mac_os_x:10.10.3
cpe:/o:apple:mac_os_x:10.10.4
cpe:/o:apple:mac_os_x:10.10.5
cpe:/o:apple:mac_os_x:10.11.0
cpe:/o:apple:mac_os_x:10.11.1
cpe:/o:apple:mac_os_x:10.11.2
cpe:/o:apple:mac_os_x:10.11.3
cpe:/o:apple:mac_os_x:10.11.4
cpe:/o:apple:mac_os_x:10.11.5
cpe:/o:apple:mac_os_x:10.11.6
cpe:/o:apple:mac_os_x:10.12.0
cpe:/o:apple:mac_os_x:10.12.1
cpe:/o:apple:mac_os_x:10.12.2
cpe:/o:apple:mac_os_x:10.12.3
cpe:/o:apple:mac_os_x:10.12.4
cpe:/o:apple:mac_os_x:10.12.5
cpe:/o:apple:mac_os_x:10.12.6
cpe:/o:apple:mac_os_x:10.13.0
cpe:/o:apple:watchos:1.0
cpe:/o:apple:watchos:1.0.1
cpe:/o:apple:watchos:2.0
cpe:/o:apple:watchos:2.0.1
cpe:/o:apple:watchos:2.1
cpe:/o:apple:watchos:2.2
cpe:/o:apple:watchos:2.2.0
cpe:/o:apple:watchos:2.2.1
cpe:/o:apple:watchos:2.2.2
cpe:/o:apple:watchos:3.0
cpe:/o:apple:watchos:3.1
cpe:/o:apple:watchos:3.1.1
cpe:/o:apple:watchos:3.1.3
cpe:/o:apple:watchos:3.2
cpe:/o:apple:watchos:3.2.2
cpe:/o:apple:watchos:3.2.3
cpe:/o:apple:watchos:4.0
cpe:/o:apple:watchos:4.0.1
cpe:/o:apple:watchos:4.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4241
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4241
(官方数据源) NVD

- 其它链接及资源

http://www.securitytracker.com/id/1041027
(VENDOR_ADVISORY)  SECTRACK  1041027
https://bugs.chromium.org/p/project-zero/issues/detail?id=1558
(VENDOR_ADVISORY)  MISC  https://bugs.chromium.org/p/project-zero/issues/detail?id=1558
https://support.apple.com/HT208848
(VENDOR_ADVISORY)  CONFIRM  https://support.apple.com/HT208848
https://support.apple.com/HT208849
(VENDOR_ADVISORY)  CONFIRM  https://support.apple.com/HT208849
https://support.apple.com/HT208850
(VENDOR_ADVISORY)  CONFIRM  https://support.apple.com/HT208850
https://support.apple.com/HT208851
(VENDOR_ADVISORY)  CONFIRM  https://support.apple.com/HT208851
https://www.exploit-db.com/exploits/44849/
(VENDOR_ADVISORY)  EXPLOIT-DB  44849

- 漏洞信息 (F148027)

Apple Security Advisory 2018-06-01-6 (PacketStormID:F148027)
2018-06-04 00:00:00
Apple  apple.com
advisory,denial of service,overflow,vulnerability,code execution
apple
CVE-2018-4188,CVE-2018-4190,CVE-2018-4192,CVE-2018-4198,CVE-2018-4199,CVE-2018-4200,CVE-2018-4201,CVE-2018-4204,CVE-2018-4206,CVE-2018-4211,CVE-2018-4214,CVE-2018-4218,CVE-2018-4222,CVE-2018-4223,CVE-2018-4224,CVE-2018-4232,CVE-2018-4233,CVE-2018-4235,CVE-2018-4237,CVE-2018-4240,CVE-2018-4241,CVE-2018-4243,CVE-2018-4246,CVE-2018-4249
[点击下载]

Apple Security Advisory 2018-06-01-6 - tvOS 11.4 addresses buffer overflow, code execution, and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-6 tvOS 11.4

tvOS 11.4 addresses the following:

Crash Reporter
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
error handling.
CVE-2018-4206: Ian Beer of Google Project Zero

FontParser
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2018-4241: Ian Beer of Google Project Zero
CVE-2018-4243: Ian Beer of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4249: Kevin Backhouse of Semmle Ltd.

libxpc
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved validation.
CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero
Day Initiative

Messages
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to conduct impersonation attacks
Description: An injection issue was addressed with improved input
validation.
CVE-2018-4235: Anurodh Pokharel of Salesforce.com

Messages
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: This issue was addressed with improved message
validation.
CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd

Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to read a persistent device
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4224: Abraham Masri (@cheesecakeufo)

Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to read a persistent account
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4223: Abraham Masri (@cheesecakeufo)

UIKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A validation issue existed in the handling of text. This
issue was addressed with improved validation of text.
CVE-2018-4198: Hunter Byrnes

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Visiting a maliciously crafted website may lead to cookies
being overwritten
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed with improved restrictions.
CVE-2018-4232: an anonymous researcher, Aymeric Chaib

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A race condition was addressed with improved locking.
CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat
of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4214: found by OSS-Fuzz

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working
with Trend Micro's Zero Day Initiative

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2018-4246: found by OSS-Fuzz

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4200: Ivan Fratric of Google Project Zero

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4201: an anonymous researcher
CVE-2018-4218: Natalie Silvanovich of Google Project Zero
CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero
Day Initiative

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils
of MWR Labs working with Trend Micro's Zero Day Initiative

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: Credentials were unexpectedly sent when fetching CSS
mask images. This was addressed by using a CORS-enabled fetch method.
CVE-2018-4190: Jun Kokatsu (@shhnjk)

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4222: Natalie Silvanovich of Google Project Zero

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About."

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRa1EpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHO+jA//
Q97zxMxR0YABgnvVJxya7HtjaNYTemO6GYoZd3Pdow6K4LtUcVY1pchgriZoRwOw
B/SmfN6Leij3XIjuL7PzHE92hLQdJMVmSwlD3vsSffnMRTEpE5jFobSCOf6mBnUm
o1TZX3NwzjbA76LO6DoPmxrehNlDCpOXggL/7A1YsYT645P7hJQTGlQjA9HrIKOI
txMQTWmLaUTUDFxDf6fgKbyE5jhpUsqfKjLbEUr17gRhX9x6r4MvBUdOS6BXFJ+V
BD8br3BQWOOrMSzmQFSmUlzoxu68lu+wZ0QuGkQ14F3yE4dI2jkAsA8A6w5X6hx4
20nD7ETW13dLPfZUq8gka5wyvaP5ruaPf3Rgu/F5TAHO9x2NdAbffJve05cD2L+w
qLjdihlxoFycOySGqk3xWIJxVp097qPjlL36UV18nCif0SeoCTxYsHxTcDoCjH8j
8SJvtzUG270mvA4keaFNh9ICLWiSmaq7b7ax4Jske13vl269PEiR0l25PyICdvL6
CcnAycpvJDsaWwkL8Pqo/BuIJAWufHU+zxU/dgMgbJ6bWTyIGN002+9jGFtWLqbu
FWLXjBmDAvwHYd/x95va5Eg2yehbGLC1f0PwuH9UTXo4PXjc9HE7WaMAz8KnaZAn
Z8Df+JmAqG9NSsTRqhibKdUMWU1RnFh4bVLcL0fbGwI=
=tT3X
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F148026)

Apple Security Advisory 2018-06-01-5 (PacketStormID:F148026)
2018-06-04 00:00:00
Apple  apple.com
advisory,denial of service,overflow,vulnerability,code execution
apple
CVE-2018-4192,CVE-2018-4198,CVE-2018-4201,CVE-2018-4206,CVE-2018-4211,CVE-2018-4214,CVE-2018-4218,CVE-2018-4222,CVE-2018-4223,CVE-2018-4224,CVE-2018-4225,CVE-2018-4226,CVE-2018-4233,CVE-2018-4235,CVE-2018-4237,CVE-2018-4240,CVE-2018-4241,CVE-2018-4243,CVE-2018-4246,CVE-2018-4249
[点击下载]

Apple Security Advisory 2018-06-01-5 - watchOS 4.3.1 addresses buffer overflow, code execution, and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-5 watchOS 4.3.1

watchOS 4.3.1 addresses the following:

Crash Reporter
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
error handling.
CVE-2018-4206: Ian Beer of Google Project Zero

FontParser
Available for: All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team

Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2018-4241: Ian Beer of Google Project Zero
CVE-2018-4243: Ian Beer of Google Project Zero

Kernel
Available for: All Apple Watch models
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4249: Kevin Backhouse of Semmle Ltd.

libxpc
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved validation.
CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero
Day Initiative

Messages
Available for: All Apple Watch models
Impact: A local user may be able to conduct impersonation attacks
Description: An injection issue was addressed with improved input
validation.
CVE-2018-4235: Anurodh Pokharel of Salesforce.com

Messages
Available for: All Apple Watch models
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: This issue was addressed with improved message
validation.
CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd

Security
Available for: All Apple Watch models
Impact: A local user may be able to read a persistent device
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4224: Abraham Masri (@cheesecakeufo)

Security
Available for: All Apple Watch models
Impact: A local user may be able to modify the state of the Keychain
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4225: Abraham Masri (@cheesecakeufo)

Security
Available for: All Apple Watch models
Impact: A local user may be able to read a persistent account
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4223: Abraham Masri (@cheesecakeufo)

Security
Available for: All Apple Watch models
Impact: A local user may be able to view sensitive user information
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4226: Abraham Masri (@cheesecakeufo)

UIKit
Available for: All Apple Watch models
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A validation issue existed in the handling of text. This
issue was addressed with improved validation of text.
CVE-2018-4198: Hunter Byrnes

WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A race condition was addressed with improved locking.
CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat
of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative

WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4214: found by OSS-Fuzz

WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2018-4246: found by OSS-Fuzz

WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4201: an anonymous researcher
CVE-2018-4218: Natalie Silvanovich of Google Project Zero
CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero
Day Initiative

WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4222: Natalie Silvanovich of Google Project Zero

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRa1EpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHP94xAA
l+d4sP5XqhuvxSipcwh8808OYR5vQ8hgeErHoWmqC06rq/8ycvkRi82abiTITTWo
fDpMeOH86qtsk1r+J//pgTVSYBIo+hvbj4dMX3dxnnlOECNAzTWAD2Uyn28Y5p9w
QtolV6fsNzBMKruMTYHYZ+4LjCMz6fdBdGkZ1ojhRcV9uMgMFLn1NGKGjHeprxUl
ecfQgjkw/712UtDHYMI0ThAMdPuINih9br3TOUJtoXJxt4RTaGXUFwIZr40/t836
GYYE3N1opcdpcaxb6+ukKQ25rrdgPPCCPUVY/HDzTPApUvX3QUsBxteb/uudOo8M
hr8FnIu5VWLHyYYmVtATqMkZyWOUY0Z7pqwW+Q/BZ+/yPnF9wKhl/LA19aXxOD93
62pcsvLd89pqt2/nkCcxQ4+20m8wIHH6PTNL72ME9+Orp7snIIfHuTfNZul1R9Vz
stsIQTNfCKM1TdB4vPx5YyBZrGjMmCjE3J8QeET5RwoeBwGbE1qJze4c1iPg43FT
q1G9aMzW18l/T9JLsm2GOtMpH9L9OsggvUxoJY83TqHb9UTCVoxOcKsOIDr4LP4+
1rz+GZO5ALWgposq98LMrsfhQdLpIa3054lsMC09GAwHlHV2XQHOIi1nOuOMemR3
lWy8ANRyD6Rm6SDHuhDwTUnkVaRAjWtH92i7xR5Ggd0=
=JHlP
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F148018)

Apple Security Advisory 2018-06-01-4 (PacketStormID:F148018)
2018-06-04 00:00:00
Apple  apple.com
advisory,denial of service,overflow,vulnerability,code execution
cisco,apple
CVE-2018-4100,CVE-2018-4188,CVE-2018-4190,CVE-2018-4192,CVE-2018-4198,CVE-2018-4199,CVE-2018-4201,CVE-2018-4202,CVE-2018-4204,CVE-2018-4211,CVE-2018-4214,CVE-2018-4215,CVE-2018-4218,CVE-2018-4221,CVE-2018-4222,CVE-2018-4223,CVE-2018-4224,CVE-2018-4225,CVE-2018-4226,CVE-2018-4227,CVE-2018-4232,CVE-2018-4233,CVE-2018-4235,CVE-2018-4237,CVE-2018-4238,CVE-2018-4239,CVE-2018-4240,CVE-2018-4241
[点击下载]

Apple Security Advisory 2018-06-01-4 - iOS 11.4 addresses buffer overflow, code execution, and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-4 iOS 11.4

iOS 11.4 addresses the following:

Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4215: Abraham Masri (@cheesecakeufo)

Contacts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted vcf file may lead to a
denial of service
Description: A validation issue existed in the handling of phone
numbers. This issue was addressed with improved validation of phone
numbers.
CVE-2018-4100: Abraham Masri (@cheesecakeufo)

FontParser
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team

iBooks
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
spoof password prompts in iBooks
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4202: Jerry Decime

Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4249: Kevin Backhouse of Semmle Ltd.

Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2018-4241: Ian Beer of Google Project Zero
CVE-2018-4243: Ian Beer of Google Project Zero

libxpc
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved validation.
CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero
Day Initiative

Magnifier
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
view the last image used in Magnifier from the lockscreen
Description: A permissions issue existed in Magnifier.  This was
addressed with additional permission checks.
CVE-2018-4239: an anonymous researcher

Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker may be able to exfiltrate the contents of
S/MIME-encrypted e-mail
Description: An issue existed in the handling of encrypted Mail. This
issue was addressed with improved isolation of MIME in Mail.
CVE-2018-4227: Damian Poddebniak of MA1/4nster University of Applied
Sciences, Christian Dresen of MA1/4nster University of Applied Sciences,
Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster
University of Applied Sciences, Sebastian Schinzel of MA1/4nster
University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj
Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University
Bochum

Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to conduct impersonation attacks
Description: An injection issue was addressed with improved input
validation.
CVE-2018-4235: Anurodh Pokharel of Salesforce.com

Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: This issue was addressed with improved message
validation.
CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd
CVE-2018-4250: Metehan YA+-lmaz of Sesim Sarpkaya

Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious website may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4247: FranASSois Renaud, Jesse Viviano of Verizon Enterprise
Solutions

Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read a persistent account
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4223: Abraham Masri (@cheesecakeufo)

Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Users may be tracked by malicious websites using client
certificates
Description: An issue existed in the handling of S-MIME
certificaties. This issue was addressed with improved validation of
S-MIME certificates.
CVE-2018-4221: Damian Poddebniak of MA1/4nster University of Applied
Sciences, Christian Dresen of MA1/4nster University of Applied Sciences,
Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster
University of Applied Sciences, Sebastian Schinzel of MA1/4nster
University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj
Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University
Bochum

Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read a persistent device
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4224: Abraham Masri (@cheesecakeufo)

Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to modify the state of the Keychain
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4225: Abraham Masri (@cheesecakeufo)

Security
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to view sensitive user information
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4226: Abraham Masri (@cheesecakeufo)

Siri
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
enable Siri from the lock screen
Description: An issue existed with Siri permissions. This was
addressed with improved permission checking.
CVE-2018-4238: Baljinder Singh, Muhammad khizer javed, Onur Can
BIKMAZ (@CanBkmaz) of Mustafa Kemal University

Siri
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
use Siri to read notifications of content that is set not to be
displayed at the lock screen
Description: An issue existed with Siri permissions. This was
addressed with improved permission checking.
CVE-2018-4252: Hunter Byrnes, Martin Winkelmann (@Winkelmannnn)

Siri Contacts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: An issue existed with Siri permissions. This was
addressed with improved permission checking.
CVE-2018-4244: an anonymous researcher

UIKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A validation issue existed in the handling of text. This
issue was addressed with improved validation of text.
CVE-2018-4198: Hunter Byrnes

WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT

WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4201: an anonymous researcher
CVE-2018-4218: Natalie Silvanovich of Google Project Zero
CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero
Day Initiative

WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils
of MWR Labs working with Trend Micro's Zero Day Initiative

WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a maliciously crafted website may lead to cookies
being overwritten
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed with improved restrictions.
CVE-2018-4232: an anonymous researcher, Aymeric Chaib

WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A race condition was addressed with improved locking.
CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat
of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative

WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4214: found by OSS-Fuzz

WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working
with Trend Micro's Zero Day Initiative

WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2018-4246: found by OSS-Fuzz

WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: Credentials were unexpectedly sent when fetching CSS
mask images. This was addressed by using a CORS-enabled fetch method.
CVE-2018-4190: Jun Kokatsu (@shhnjk)

WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4222: Natalie Silvanovich of Google Project Zero

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 11.4".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRa1ApHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHObHBAA
jBRwdrK3Eks7V798k16MQFOvlqkofZWO3D+Qxb5OSzxixGy0r/vml78tnerJ546C
p9UrL/1IxH1PERiWevubg6nbWFstBrOhY0FWLiope9oLAMB92iMM/7a+O/6EHjOc
9p6Y/Bud0OwFHEoJmN4HLGMUubm1uTAdalXSmfanxuFvjpxAeczYvW/+wAblOnHr
KfclXy68dfUlW0NMP0kbQwnk1lVrb8QKEeayYli19c8zSVC38eYyKYZwhRC37yWT
ViBRSz9zVvgJQKX4JgjV6cRO3uIFZX+sksr6VdMM0nHjsTUT6Mc+IAe9Is3YlJCO
x0H8+WeloeKrwNDs60Grz7tRNVpevIlInLEQJkuoOD3niWqzt0Q40IzCNlgd8FBv
ZB5iencgWy/ObRJSgoOq29EIlt+KEb9nSJx3h6kByo0ZxYhSVrDm44cHzCF0+/zN
vY4XR3hJpc1S3ySiSkWHIhqjPAEP7cb/D7Az/5SGgle8cklem5haOdzAkeOHnzim
laKEg+F3vue6W+n9iv0x0byVBhC5Xr1iNuRh7+uor5TIVPR2s4moWOWvyTruG2Kk
RLlL700y2OZl/04nTgxxShCwLygXiKd07nuFIh4fKiMcGw31HKx1Choof6sPHqzo
Grg2dx9YQXTCTIsdDNG581MIwzVvJPLSM5OeNsHQEd0=
=7ZCv
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F148015)

Apple Security Advisory 2018-06-01-1 (PacketStormID:F148015)
2018-06-01 00:00:00
Apple  apple.com
advisory,denial of service,overflow,vulnerability,code execution
apple
CVE-2018-4141,CVE-2018-4159,CVE-2018-4171,CVE-2018-4184,CVE-2018-4193,CVE-2018-4196,CVE-2018-4198,CVE-2018-4202,CVE-2018-4211,CVE-2018-4219,CVE-2018-4221,CVE-2018-4223,CVE-2018-4224,CVE-2018-4225,CVE-2018-4226,CVE-2018-4227,CVE-2018-4228,CVE-2018-4229,CVE-2018-4230,CVE-2018-4234,CVE-2018-4235,CVE-2018-4236,CVE-2018-4237,CVE-2018-4240,CVE-2018-4241,CVE-2018-4242,CVE-2018-4243,CVE-2018-4249
[点击下载]

Apple Security Advisory 2018-06-01-1 - macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and Security Update 2018-003 El Capitan are now available and address buffer overflow, code execution, and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5,
Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan

macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and
Security Update 2018-003 El Capitan are now available and address
the following:

Accessibility Framework
Available for: macOS High Sierra 10.13.4
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An information disclosure issue existed in Accessibility
Framework. This issue was addressed with improved memory management.
CVE-2018-4196: G. Geshev working with Trend Micro's Zero Day
Initiative, an anonymous researcher

AMD
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed with improved input
validation.
CVE-2018-4253: shrek_wzw of Qihoo 360 Nirvan Team

apache_mod_php
Available for: macOS High Sierra 10.13.4
Impact: Issues in php were addressed in this update
Description: This issue was addressed by updating to php version
7.1.16.
CVE-2018-7584: Wei Lei and Liu Yang of Nanyang Technological
University

ATS
Available for: macOS High Sierra 10.13.4
Impact: A malicious application may be able to elevate privileges
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2018-4219: Mohamed Ghannam (@_simo36)

Bluetooth
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: A malicious application may be able to determine kernel
memory layout.
Description: An information disclosure issue existed in device
properties. This issue was addressed with improved object management.
CVE-2018-4171: shrek_wzw of Qihoo 360 Nirvan Team

Firmware
Available for: macOS High Sierra 10.13.4
Impact: A malicious application with root privileges may be able to
modify the EFI flash memory region
Description: A device configuration issue was addressed with an
updated configuration.
CVE-2018-4251: Maxim Goryachy and Mark Ermolov

FontParser
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.4
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team

Grand Central Dispatch
Available for: macOS High Sierra 10.13.4
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An issue existed in parsing entitlement plists. This
issue was addressed with improved input validation.
CVE-2018-4229: Jakob Rieck (@0xdead10cc) of the Security in
Distributed Systems Group, University of Hamburg

Graphics Drivers
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4159: Axis and pjf of IceSword Lab of Qihoo 360

Hypervisor
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team

iBooks
Available for: macOS High Sierra 10.13.4
Impact: An attacker in a privileged network position may be able to
spoof password prompts in iBooks
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4202: Jerry Decime

Intel Graphics Driver
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4141: an anonymous researcher, Zhao Qixun (@S0rryMybad) of
Qihoo 360 Vulcan Team

IOFireWireAVC
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2018-4228: Benjamin Gnahm (@mitp0sh) of Mentor Graphics

IOGraphics
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4236: Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team

IOHIDFamily
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4234: Proteas of Qihoo 360 Nirvan Team

Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.4
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4249: Kevin Backhouse of Semmle Ltd.

Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: In some circumstances, some operating systems may not
expect or properly handle an Intel architecture debug exception after
certain instructions. The issue appears to be from an undocumented
side effect of the instructions. An attacker might utilize this
exception handling to gain access to Ring 0 and access sensitive
memory or control operating system processes.
CVE-2018-8897: Andy Lutomirski, Nick Peterson
(linkedin.com/in/everdox) of Everdox Tech LLC

Kernel
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2018-4241: Ian Beer of Google Project Zero
CVE-2018-4243: Ian Beer of Google Project Zero

libxpc
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved validation.
CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero
Day Initiative

Mail
Available for: macOS High Sierra 10.13.4
Impact: An attacker may be able to exfiltrate the contents of
S/MIME-encrypted e-mail
Description: An issue existed in the handling of encrypted Mail. This
issue was addressed with improved isolation of MIME in Mail.
CVE-2018-4227: Damian Poddebniak of MA1/4nster University of Applied
Sciences, Christian Dresen of MA1/4nster University of Applied Sciences
, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster
University of Applied Sciences, Sebastian Schinzel of MA1/4nster
University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj
Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr
University Bochum

Messages
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to conduct impersonation attacks
Description: An injection issue was addressed with improved input
validation.
CVE-2018-4235: Anurodh Pokharel of Salesforce.com

Messages
Available for: macOS High Sierra 10.13.4
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: This issue was addressed with improved message
validation.
CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd

NVIDIA Graphics Drivers
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2018-4230: Ian Beer of Google Project Zero

Security
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to read a persistent account
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4223: Abraham Masri (@cheesecakeufo)

Security
Available for: macOS High Sierra 10.13.4
Impact: Users may be tracked by malicious websites using client
certificates
Description: An issue existed in the handling of S-MIME
certificaties. This issue was addressed with improved validation of
S-MIME certificates.
CVE-2018-4221: Damian Poddebniak of MA1/4nster University of Applied
Sciences, Christian Dresen of MA1/4nster University of Applied Sciences
, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster
University of Applied Sciences, Sebastian Schinzel of MA1/4nster
University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj
Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr
University Bochum

Security
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to read a persistent device
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4224: Abraham Masri (@cheesecakeufo)

Security
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to modify the state of the Keychain
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4225: Abraham Masri (@cheesecakeufo)

Security
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to view sensitive user information
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4226: Abraham Masri (@cheesecakeufo)

Speech
Available for: macOS High Sierra 10.13.4
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A sandbox issue existed in the handling of microphone
access. This issue was addressed with improved handling of microphone
access.
CVE-2018-4184: Jakob Rieck (@0xdead10cc) of the Security in
Distributed Systems Group, University of Hamburg

UIKit
Available for: macOS High Sierra 10.13.4
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A validation issue existed in the handling of text. This
issue was addressed with improved validation of text.
CVE-2018-4198: Hunter Byrnes

Windows Server
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4193: Markus Gaasedelen, Nick Burnett, and Patrick Biernat
of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative,
Richard Zhu (fluorescence) working with Trend Micro's Zero Day
Initiative

Installation note:

macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and
Security Update 2018-003 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRbFIpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHN6lRAA
tt5VzB3jm/7h22ANDQSqmRJz9kWH9VSqvqdY9uliGT5K5tHKZKKNEmZHn7P+JRzH
OIJ+JAvHAXtwrcFgOeZgoH9x5DEK40XDKtx/1wYZG8DgLbXuCSGG106TWrg6Jn8O
9aQGl9apSXxLf6YO2k6WbTV701lc4OXjG012U9X1dV/YWGYb3IJkJuBfe/N8Gxo7
OSv7U0xstKE1bE+5qCOH3ICTD3iX6zyClE8Vud8uqwe3qmY6YqqsqG1jS4IYLrif
DUt+yidKSnBfCo/e2PK2RGTCiB21HiMDJ1D19MwpqoW6w1SM+dyMn04mfISm1X/c
hRpNJqNORutkYGSZpTl+E2Tcx1WjliE8yixpNeNocxtZeSq3qMTB03UBQq3oEX/o
u+klAxs11nXLWSlyaXKlpADaSPWhN18Z3SGMBapNhBg5iqkx4PmLCKywXZJWHQjo
QMq99RgPCyD1NW6TnSprZO3I0Of3hKeyzxwTyOTj/t8NM255kYQysIbNIV9MGQ2A
M/8yjHhLb1qemyO+2rT2sbfWKO2AR3o0BCSvglwEs/Vwe4FKCK9X7VJhvW/1ZN1B
ezKzAj6Rs8SCXGrxtO4YN/58eBl5Nhx+7SLqT/VfrMpnh0pwX1Q8VOaR2kGtlMgQ
dya+/kGApCUS8zQgfOp6CDq2T3BZV7p62J7sSJnVQic=
=qyX+
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F148061)

XNU Kernel MPTCP Head Overflow (PacketStormID:F148061)
2018-06-05 00:00:00
Google Security Research,ianbeer  
exploit,overflow,kernel
CVE-2018-4241
[点击下载]

The XNU kernel suffers from a heap overflow vulnerability due to bad bounds checking in MPTCP.

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站