Apple iOS and macOS Multiple Security Vulnerabilities

Bugtraq ID:	103957
Class:	Input Validation Error
CVE:	CVE-2018-4206 CVE-2018-4187
Remote:	Yes
Local:	No
Published:	Apr 24 2018 12:00AM
Updated:	Jun 04 2018 05:00PM
Credit:	Ian Beer of Google Project Zero and Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_)
Vulnerable:	Apple tvOS 11.2.6 Apple tvOS 11.2.5 Apple tvOS 10.1.1 Apple tvOS 10.0.1 Apple tvOS 9.2.2 Apple tvOS 9.2.1 Apple tvOS 9.1.1 Apple tvOS 9.2 Apple tvOS 9.1 Apple tvOS 9.0 Apple tvOS 11.2.1 Apple tvOS 11.2 Apple tvOS 11.1 Apple tvOS 11 Apple tvOS 10.2.2 Apple tvOS 10.2.1 Apple tvOS 10.2 Apple tvOS 10.1 Apple tvOS 10 Apple macOS 10.13.1 Apple macOS 10.13.4 Apple macOS 10.13.3 Apple macOS 10.13.2 Apple macOS 10.13 Apple macOS 10.12.6 Apple macOS 10.12.5 Apple macOS 10.12.4 Apple macOS 10.12.3 Apple macOS 10.12.2 Apple macOS 10.12.1 Apple macOS 10.12 Apple iPod Touch 0 Apple iPad Air 0 Apple iOS 5 0 Apple iOS 4 0 Apple iOS 3 0 Apple iOS 10.2.1 Apple iOS 10.0.1 Apple iOS 9.3.4 Apple iOS 9.3.3 Apple iOS 9.3.2 Apple iOS 9.3.1 Apple iOS 9.2.1 Apple iOS 9.0.2 Apple iOS 9.0.1 Apple iOS 8.4.1 Apple iOS 7.2 Apple iOS 7.0.6 Apple iOS 7.0.5 Apple iOS 7.0.3 Apple iOS 7.0.2 Apple iOS 7.0.1 Apple iOS 6.3.1 Apple iOS 6.1.6 Apple iOS 6.1.4 Apple iOS 6.1.3 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 9.3.5 Apple iOS 9.3 Apple iOS 9.2 Apple iOS 9.1 Apple iOS 9 Apple iOS 8.4 Apple iOS 8.3 Apple iOS 8.2 Apple iOS 8.1.3 Apple iOS 8.1.2 Apple iOS 8.1.1 Apple iOS 8.1 Apple iOS 8 Apple iOS 7.1.2 Apple iOS 7.1.1 Apple iOS 7.1 Apple iOS 7.0.4 Apple iOS 7 Apple iOS 6.1 Apple iOS 6.0.2 Apple iOS 6.0.1 Apple iOS 6 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0 Apple iOS 11.3 Apple iOS 11.2.6 Apple iOS 11.2.5 Apple iOS 11.2.2 Apple iOS 11.2.1 Apple iOS 11.2 Apple iOS 11.1 Apple iOS 11 Apple iOS 10.3.3 Apple iOS 10.3.2 Apple iOS 10.3.1 Apple iOS 10.3 Apple iOS 10.2 Apple iOS 10.1 Apple iOS 10
Not Vulnerable:	Apple tvOS 11.4 Apple macOS Security Update 2018 Apple iOS 11.3.1

Apple iOS and macOS Multiple Security Vulnerabilities

Apple iOS and macOS are prone to multiple security vulnerabilities.

An attacker can exploit these issues to perform unauthorized actions, and gain elevated privileges. Failed exploit attempts will likely cause a denial-of-service condition.

Apple iOS and macOS Multiple Security Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Apple iOS and macOS Multiple Security Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apple iOS and macOS Multiple Security Vulnerabilities

References:

• Apple Home Page (Apple)
  
• Apple iOS Homepage (Apple)
  
• Security Update 2018-001 (Apple)
  
• APPLE-SA-2018-04-24-1 iOS 11.3.1 (Apple)
  
• APPLE-SA-2018-04-24-2 Security Update 2018-001 (Apple)
  
• APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security (Apple)
  
• APPLE-SA-2018-06-01-6 tvOS 11.4 (Apple)