Description: | Summary: Apple Mac OS X is prone to multiple vulnerabilities.
Vulnerability Insight: Multiple flaws exist due to:
- A logic issue in validation.
- A memory corruption issue in memory handling.
- An injection issue in input validation.
- A race condition in locking.
- A validation issue in input sanitization.
- A type confusion issue in memory handling.
- A buffer overflow issue in bounds checking.
- A device configuration issue in configuration.
- An out-of-bounds read issue leading to the disclosure of kernel memory.
- A sandbox issue in handling of microphone access.
- An issue in parsing entitlement plists.
- An issue in the handling of S/MIME certificates.
- An authorization issue in state management.
- An issue in the handling of encrypted Mail.
- An input validation issue.
- A memory corruption vulnerability in improved locking.
- An information disclosure issue in Accessibility Framework.
- A validation issue existed in the handling of text.
Vulnerability Impact: Successful exploitation will allow remote attackers to gain elevated privileges, execute arbitrary code, conduct impersonation attacks, read restricted memory, modify the EFI flash memory region, circumvent sandbox restrictions, read a persistent account identifier, read kernel memory, view sensitive user information, exfiltrate the contents of S/MIME-encrypted e-mail, spoof password prompts in iBooks and cause denial of service.
Affected Software/OS: Apple Mac OS X versions 10.13.x through 10.13.4
Solution: Upgrade to Apple Mac OS X 10.13.5 or later. Please see the references for more information.
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
|