what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2018-10-30-5

Apple Security Advisory 2018-10-30-5
Posted Oct 31, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-10-30-5 - tvOS 12.1 is now available and addresses code execution, denial of service, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple
advisories | CVE-2018-4368, CVE-2018-4369, CVE-2018-4371, CVE-2018-4372, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, CVE-2018-4394, CVE-2018-4398, CVE-2018-4409, CVE-2018-4413, CVE-2018-4416, CVE-2018-4419, CVE-2018-4420
SHA-256 | e6780863e9995b96363ff9c2d4ba7998a18cb5cfc0e6cfe9ed734a006e414100

Apple Security Advisory 2018-10-30-5

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-10-30-5 tvOS 12.1

tvOS 12.1 is now available and addresses the following:

CoreCrypto
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker may be able to exploit a weakness in the
Miller-Rabin primality test to incorrectly identify prime numbers
Description: An issue existed in the method for determining prime
numbers. This issue was addressed by using pseudorandom bases for
testing of primes.
CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of
Royal Holloway, University of London, and Juraj Somorovsky of Ruhr
University, Bochum

ICU
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4394: an anonymous researcher

IPSec
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2018-4420: Mohamed Ghannam (@_simo36)

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security
Team

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4419: Mohamed Ghannam (@_simo36)

NetworkExtension
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Connecting to a VPN server may leak DNS queries to a DNS
proxy
Description: A logic issue was addressed with improved state
management.
CVE-2018-4369: an anonymous researcher

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST
Softsec Lab, Korea
CVE-2018-4382: lokihardt of Google Project Zero
CVE-2018-4386: lokihardt of Google Project Zero
CVE-2018-4392: zhunki of 360 ESG Codesafe Team
CVE-2018-4416: lokihardt of Google Project Zero

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious website may be able to cause a denial of service
Description: A resource exhaustion issue was addressed with improved
input validation.
CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe
Team

WiFi
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile
Networking Lab at Technische UniversitA$?t Darmstadt

Additional recognition

Certificate Signing
We would like to acknowledge YiAit Can YILMAZ (@yilmazcanyigit) for
their assistance.

Security
We would like to acknowledge Marinos Bernitsas of Parachute for their
assistance.

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About."

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GlRw/7
B26eM0inif5Z1FZpS7IahAaEDjdzKHQ6gfxMn/qk/LlhiiZmh81phm2Xj2wimdEt
5fNLZAsxX7MKkyS3wxdjC7zLRVV0tFkSZ5YsZkYfeIhc4HqEhVtG2suRdlDK0yJV
BCiT4FBfo6l9HvQM+sQEPfe+5ILw74IuAyOfoQWHPCQZccH5BnysEzn+UVqGClgR
+lnCkhgsok5tFg+DzQeZMvkXsW9ddweUTPF26UhjKZbCnhrvBe4QMQRyh+2nY8Vt
UswV3SVzstW6PUtAlY7+TIsDaKgeWUV9DeKsOIDr7orK7cKDR4pr0khwR/k0yLUo
X5Pt4L5zfNGw0ugEIVmT46wSEQJ3RWn9bTUAIyxJBX1x1HN38bJuSHqTgmtMqhO7
JDxXUGIRLYLrye/zopNh2Pa/0hwXjmaJp+YyU2RorUWspK2GIuFHeirxJVRrtfG+
44T7qw68xdWG2oAaUFL026HXwYfuohH992q/dAXOIClBx3uha21ORArQ0IpZkFJe
TqpS+LsC8qA/Q47gWJD7TDDiPfq2d7s8tRf7agjLj++/Roz0uV4MffwZTI5NgoMn
Dn7LHFdvhLoGNYg7pSaAhT2QMIork710EvSi9w+k68PsPWpwLOdpY8vbLqH3XPfe
iLQmRA7I+M2b9RS1V7FpjBEIXmIGJ6JP83ISl74ew3E=
=ifDV
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    8 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close