-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001 Security Update 2018-001 addresses the following: Crash Reporter Available for: macOS High Sierra 10.13.4 Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved error handling. CVE-2018-4206: Ian Beer of Google Project Zero Kernel Available for: macOS High Sierra 10.13.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: In some circumstances, some operating systems may not expect or properly handle an Intel architecture debug exception after certain instructions. The issue appears to be from an undocumented side effect of the instructions. An attacker might utilize this exception handling to gain access to Ring 0 and access sensitive memory or control operating system processes. CVE-2018-8897: Andy Lutomirski, Nick Peterson (linkedin.com/in/everdox) of Everdox Tech LLC Entry added May 8, 2018 LinkPresentation Available for: macOS High Sierra 10.13.4 Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2018-4187: Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_) Installation note: Security Update 2018-001 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlrxvQQpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEY/HxAA tRDFZcMPnxucIk9vENarx+oXzhMPGDJri16zOS9m7gv019GP10OJ2aDyr6GQpaK1 s0eCGXMqXuZ3mr7ZDikleB0xddPi+9mEjqSkfgxeP7WKFXSjAFCjc6sbv1SSq8IH km4yqtbQLFiVmL4BYnVW0GhYwWAgFn3QAKKZjD6TZYTrtOnxuQKkPqhZgD3xLG8y aYd0FgRX2AN23c157Gvn/nN3gYAtLxhlCwv5DcMuDH9BNPB6RR+qNPWaz6nxOukm aOeigkHhYwvVK4AlITE06R4UBJRq8LBxC2xLzEbr4jQZnRq1uT94w4SqCLhJUQ1z e7k5Aj9tp1HnS5ZSX6+lOohMDI3iQ8h3XS4NGj4I962QIlovuCmAgkqzN/OeH4LV sxmqUEF/SeriryotcN/NCRjQSbmjwleVkmJ6pcEUTT3X+/EuFgOajj1/jm9ntrDv 4rsB/6CxZSC5+dW51L337GsjxPMiNBHhALXYuen/Xd35kU7YOLosFeFlednmBgYY otXb832XGmW2C65uM/+zWJHJ/DW0NXF2GZkvD15rd7SUdKQjyO9003TJFudx3w4W 9y9LXSIF7b7KW1SaAgHr3ayWaXsioaSOeBrlURG6o/eLfRfrrBiwAMNqn/TPwsP1 /S1rasMuleP9L8h3kSm0Z1+j7iZIDaCuIZ2fgP6G/UE= =fLK2 -----END PGP SIGNATURE-----