Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Apple Patches iOS, Safari and MacOS SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple Patches iOS, Safari and MacOS

Apple today released updated for Safari, macOS and iOS. The patches fix 4 different vulnerabilities. The most severe of the vulnerabilities affect WebKit. These vulnerablities could be exploited to execute arbitrary code if a user visits a malicous site.

Note that WebKit is also included in tvOS and watchOS. A patch release for these operating systems may be imminent and I will update this article as I see them.

Vulnerability Overview

CVE iOS MacOS/Safari Severity
CVE-2018-4200 yes yes critical
CVE-2018-4204 yes yes critical
CVE-2018-4206 yes yes important
CVE-2018-4187 yes yes important

Safari 11.1

This update patches two vulnerabilities in WebKit. This update also applies to older still supported versions of OS X / MacOS (10.11/12, El Capitan, Sierra) in addition to the latest version ( High Sierra, 10.13.4). iOS patches the same WebKit vulnerablities.

Vulnerability Impact Description CVE
WebKit Processing maliciously crafted web content may lead to arbitrary code execution A memory corruption issue was addressed with improved state management. CVE-2018-4200
WebKit Processing maliciously crafted web content may lead to arbitrary code execution A memory corruption issue was addressed with improved memory handling. CVE-2018-4204

MacOS Security update 2018-001 for macOS High Sierra 10.13

For MacOS High Sierra (10.13), Apple patches two vulnerabilities. One fixes a vulnerability in Crash Reporter, the second one fixes a vulnerability in how URL links are displayed.

Vulnerability Impact Description CVE
Crash Reporter An application may be able to gain elevated privileges A memory corruption issue was addressed with improved error handling. CVE-2018-4206
LinkPresentation Processing a maliciously crafted text message may lead to UI spoofing A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2018-4187

iOS 11.3.1

4 Vulnerabilities are being patched in iOS 11.3. The update applies to iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.

The iOS update is essentially the sum of the macOS and Safari update.

Vulnerability Impact Description CVE
Crash Reporter An application may be able to gain elevated privileges A memory corruption issue was addressed with improved error handling. CVE-2018-4206
LinkPresentation Processing a maliciously crafted text message may lead to UI spoofing A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2018-4187
WebKit Processing maliciously crafted web content may lead to arbitrary code execution A memory corruption issue was addressed with improved state management. CVE-2018-4200
WebKit Processing maliciously crafted web content may lead to arbitrary code execution A memory corruption issue was addressed with improved memory handling. CVE-2018-4204

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020

 Johannes

3693 Posts
ISC Handler
Subscribe Apr 24th 2018
1 year ago

Sign Up for Free or Log In to start participating in the conversation!