Apple Releases Security Updates for iOS, tvOS, watchOS and Xcode
On March 29, 2018, Apple released security updates to fix vulnerabilities in multiple products. The updates cover iOS, tvOS, watchOS and Xcode. By exploiting these vulnerabilities, an attacker can take control of an affected system.
- iOS 11.3
- CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial of service
Description: A denial of service issue was addressed through improved memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
- File System Events
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4167: Samuel Groß (@5aelo)
- Files Widget
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: File Widget may display contents on a locked device
Description: The File Widget was displaying cached data when in the locked state. This issue was addressed with improved state management.
CVE-2018-4168: Brandon Moore
- Find My iPhone
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password
Description: A state management issue existed when restoring from a backup. This issue was addressed through improved state checking during restore.
CVE-2018-4172: Viljami Vastamäki
- More…
- tvOS 11.3
- CoreFoundation
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4155: Samuel Groß (@5aelo)
- CoreText
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to a denial of service
Description: A denial of service issue was addressed through improved memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
- File System Events
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4167: Samuel Groß (@5aelo)
- Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2018-4150: an anonymous researcher
- More…
- watchOS 4.3
- CoreFoundation
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4155: Samuel Groß (@5aelo)
CVE-2018-4158: Samuel Groß (@5aelo)
- CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to a denial of service
Description: A denial of service issue was addressed through improved memory handling.
CVE-2018-4142: Robin Leroy of Google Switzerland GmbH
- File System Events
Available for: All Apple Watch models
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2018-4167: Samuel Groß (@5aelo)
- Kernel
Available for: All Apple Watch models
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2018-4150: an anonymous researcher
- More…
- Xcode 9.3
- LLVM
Available for: macOS High Sierra 10.13.2 or later
Impact: Multiple issues in llvm were addressed in this update
Description: Multiple issues were addressed by updating to the current version of LLVM shipping with Xcode.
CVE-2018-4164: found by OSS-Fuzz