what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2018-06-01-2

Apple Security Advisory 2018-06-01-2
Posted Jun 4, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-06-01-2 - Safari 11.1.1 is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2018-4188, CVE-2018-4190, CVE-2018-4192, CVE-2018-4199, CVE-2018-4201, CVE-2018-4205, CVE-2018-4214, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-4246, CVE-2018-4247
SHA-256 | 3b129ec8c32d415c71e324c81aae832401cb0b0f0807f06a01fe2a4b09b9d057

Apple Security Advisory 2018-06-01-2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-2 Safari 11.1.1

Safari 11.1.1 is now available and addresses the following:

Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: A malicious website may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4247: FranASSois Renaud, Jesse Viviano of Verizon Enterprise
Solutions

Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4205: xisigr of Tencent's Xuanwu Lab (tencent.com)

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Visiting a maliciously crafted website may lead to cookies
being overwritten
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed with improved restrictions.
CVE-2018-4232: an anonymous researcher, Aymeric Chaib

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2018-4246: found by OSS-Fuzz

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A race condition was addressed with improved locking.
CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat
of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4214: found by OSS-Fuzz

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4201: an anonymous researcher
CVE-2018-4218: Natalie Silvanovich of Google Project Zero
CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero
Day Initiative

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils
of MWR Labs working with Trend Micro's Zero Day Initiative

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: Credentials were unexpectedly sent when fetching CSS
mask images. This was addressed by using a CORS-enabled fetch method.
CVE-2018-4190: Jun Kokatsu (@shhnjk)

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4222: Natalie Silvanovich of Google Project Zero

Installation note:

Safari 11.1.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRa04pHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHOVEQ/+
P+thAL+hl4RuHIXCrfh/eZ+GgwPXDDVSPRefnHckiEMZSXpSDiTTu1JwWkgHf44l
xwOqvFd56zSVo/gk/45FnOcpoXxcFuHk2ddJvZM4R4EaCwKW3PEcTIL+8klxyDWo
17HqxtfB32Gy6BSARcfTkXZ1/c4CfhQefYiU2JtLDui6iZLUzDEGWdQRf/Q0H8tx
DNBVy1i5HGZdrZ6sgR7eKZKyuscqj9n0IbBUybPOQ37OFRfl8CYPT+XB6djgWGxo
sLkZi+XYl/O/PXzQt9XfxkgKUjvvlR2hkt2mKTjFEUQDQIha4BkE2+1EdJZPNROz
LRbMnxiAvY/7vb5a98h8nmXe3Z/Os/BZYyipMQjbMQt5BNkRHQK03prn7kd/g1F1
eKeplTnob9CDMcEbdnn5KvkdYcoyJFqcignVvGFJQupAU8+HJgneH4ky5laGkHY5
8JU98flmzwySOmqaTLNqfDKDQlH0Vz053KAyxZ1S8DKfmdG7ulB0lWeD02pL/vdB
aAV5jI08/QpXasU2cbM0tHO1rPiYocXCSZJKNvFVlkP6z/l7hiGnJ50x1uG4eYX9
dY8K0wTe76q/co81DWUkvd+D7634tL0vmv9K3bpFoyPQJCzn2EPl97IYFcLdtGC7
NQRA+mye5jeky3zqYi5GZTuVWIqR8+I0vkYp4YHjli8=
=LQMS
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close