-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5,
Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan

macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and
Security Update 2018-003 El Capitan are now available and address
the following:

Accessibility Framework
Available for: macOS High Sierra 10.13.4
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An information disclosure issue existed in Accessibility
Framework. This issue was addressed with improved memory management.
CVE-2018-4196: G. Geshev working with Trend Micro's Zero Day
Initiative, an anonymous researcher

AMD
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed with improved input
validation.
CVE-2018-4253: shrek_wzw of Qihoo 360 Nirvan Team

apache_mod_php
Available for: macOS High Sierra 10.13.4
Impact: Issues in php were addressed in this update
Description: This issue was addressed by updating to php version
7.1.16.
CVE-2018-7584: Wei Lei and Liu Yang of Nanyang Technological
University

ATS
Available for: macOS High Sierra 10.13.4
Impact: A malicious application may be able to elevate privileges
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2018-4219: Mohamed Ghannam (@_simo36)

Bluetooth
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: A malicious application may be able to determine kernel
memory layout.
Description: An information disclosure issue existed in device
properties. This issue was addressed with improved object management.
CVE-2018-4171: shrek_wzw of Qihoo 360 Nirvan Team

Firmware
Available for: macOS High Sierra 10.13.4
Impact: A malicious application with root privileges may be able to
modify the EFI flash memory region
Description: A device configuration issue was addressed with an
updated configuration.
CVE-2018-4251: Maxim Goryachy and Mark Ermolov

FontParser
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.4
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team

Grand Central Dispatch
Available for: macOS High Sierra 10.13.4
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An issue existed in parsing entitlement plists. This
issue was addressed with improved input validation.
CVE-2018-4229: Jakob Rieck (@0xdead10cc) of the Security in
Distributed Systems Group, University of Hamburg

Graphics Drivers
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4159: Axis and pjf of IceSword Lab of Qihoo 360

Hypervisor
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team

iBooks
Available for: macOS High Sierra 10.13.4
Impact: An attacker in a privileged network position may be able to
spoof password prompts in iBooks
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4202: Jerry Decime

Intel Graphics Driver
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4141: an anonymous researcher, Zhao Qixun (@S0rryMybad) of
Qihoo 360 Vulcan Team

IOFireWireAVC
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2018-4228: Benjamin Gnahm (@mitp0sh) of Mentor Graphics

IOGraphics
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4236: Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team

IOHIDFamily
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4234: Proteas of Qihoo 360 Nirvan Team

Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.4
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4249: Kevin Backhouse of Semmle Ltd.

Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: In some circumstances, some operating systems may not
expect or properly handle an Intel architecture debug exception after
certain instructions. The issue appears to be from an undocumented
side effect of the instructions. An attacker might utilize this
exception handling to gain access to Ring 0 and access sensitive
memory or control operating system processes.
CVE-2018-8897: Andy Lutomirski, Nick Peterson
(linkedin.com/in/everdox) of Everdox Tech LLC

Kernel
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2018-4241: Ian Beer of Google Project Zero
CVE-2018-4243: Ian Beer of Google Project Zero

libxpc
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved validation.
CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero
Day Initiative

Mail
Available for: macOS High Sierra 10.13.4
Impact: An attacker may be able to exfiltrate the contents of
S/MIME-encrypted e-mail
Description: An issue existed in the handling of encrypted Mail. This
issue was addressed with improved isolation of MIME in Mail.
CVE-2018-4227: Damian Poddebniak of MA1/4nster University of Applied
Sciences, Christian Dresen of MA1/4nster University of Applied Sciences
, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster
University of Applied Sciences, Sebastian Schinzel of MA1/4nster
University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj
Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr
University Bochum

Messages
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to conduct impersonation attacks
Description: An injection issue was addressed with improved input
validation.
CVE-2018-4235: Anurodh Pokharel of Salesforce.com

Messages
Available for: macOS High Sierra 10.13.4
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: This issue was addressed with improved message
validation.
CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd

NVIDIA Graphics Drivers
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2018-4230: Ian Beer of Google Project Zero

Security
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to read a persistent account
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4223: Abraham Masri (@cheesecakeufo)

Security
Available for: macOS High Sierra 10.13.4
Impact: Users may be tracked by malicious websites using client
certificates
Description: An issue existed in the handling of S-MIME
certificaties. This issue was addressed with improved validation of
S-MIME certificates.
CVE-2018-4221: Damian Poddebniak of MA1/4nster University of Applied
Sciences, Christian Dresen of MA1/4nster University of Applied Sciences
, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster
University of Applied Sciences, Sebastian Schinzel of MA1/4nster
University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj
Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr
University Bochum

Security
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to read a persistent device
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4224: Abraham Masri (@cheesecakeufo)

Security
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to modify the state of the Keychain
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4225: Abraham Masri (@cheesecakeufo)

Security
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to view sensitive user information
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4226: Abraham Masri (@cheesecakeufo)

Speech
Available for: macOS High Sierra 10.13.4
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A sandbox issue existed in the handling of microphone
access. This issue was addressed with improved handling of microphone
access.
CVE-2018-4184: Jakob Rieck (@0xdead10cc) of the Security in
Distributed Systems Group, University of Hamburg

UIKit
Available for: macOS High Sierra 10.13.4
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A validation issue existed in the handling of text. This
issue was addressed with improved validation of text.
CVE-2018-4198: Hunter Byrnes

Windows Server
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4193: Markus Gaasedelen, Nick Burnett, and Patrick Biernat
of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative,
Richard Zhu (fluorescence) working with Trend Micro's Zero Day
Initiative

Installation note:

macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and
Security Update 2018-003 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRbFIpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHN6lRAA
tt5VzB3jm/7h22ANDQSqmRJz9kWH9VSqvqdY9uliGT5K5tHKZKKNEmZHn7P+JRzH
OIJ+JAvHAXtwrcFgOeZgoH9x5DEK40XDKtx/1wYZG8DgLbXuCSGG106TWrg6Jn8O
9aQGl9apSXxLf6YO2k6WbTV701lc4OXjG012U9X1dV/YWGYb3IJkJuBfe/N8Gxo7
OSv7U0xstKE1bE+5qCOH3ICTD3iX6zyClE8Vud8uqwe3qmY6YqqsqG1jS4IYLrif
DUt+yidKSnBfCo/e2PK2RGTCiB21HiMDJ1D19MwpqoW6w1SM+dyMn04mfISm1X/c
hRpNJqNORutkYGSZpTl+E2Tcx1WjliE8yixpNeNocxtZeSq3qMTB03UBQq3oEX/o
u+klAxs11nXLWSlyaXKlpADaSPWhN18Z3SGMBapNhBg5iqkx4PmLCKywXZJWHQjo
QMq99RgPCyD1NW6TnSprZO3I0Of3hKeyzxwTyOTj/t8NM255kYQysIbNIV9MGQ2A
M/8yjHhLb1qemyO+2rT2sbfWKO2AR3o0BCSvglwEs/Vwe4FKCK9X7VJhvW/1ZN1B
ezKzAj6Rs8SCXGrxtO4YN/58eBl5Nhx+7SLqT/VfrMpnh0pwX1Q8VOaR2kGtlMgQ
dya+/kGApCUS8zQgfOp6CDq2T3BZV7p62J7sSJnVQic=
=qyX+
-----END PGP SIGNATURE-----