Apple macOS/iCloud/iOS/watchOS/tvOS/iTunes CVE-2018-4224 Local Authorization Bypass Vulnerability

Bugtraq ID:	104378
Class:	Design Error
CVE:	CVE-2018-4224
Remote:	No
Local:	Yes
Published:	Jun 01 2018 12:00AM
Updated:	Jun 01 2018 12:00AM
Credit:	Abraham Masri (@cheesecakeufo)
Vulnerable:	Microsoft Windows 7 eSignal eSignal 6.0.2 Apple watchOS 10.1.1 Apple watchOS 3.1.3 Apple watchOS 3.1.1 Apple watchOS 2.2.2 Apple watchOS 2.2.1 Apple watchOS 2.0.1 Apple watchOS 1.0.1 Apple watchOS 4.3 Apple watchOS 4.2.3 Apple watchOS 4.2.2 Apple watchOS 4.2 Apple watchOS 4.1 Apple watchOS 4 Apple watchOS 3.2.3 Apple watchOS 3.2.2 Apple watchOS 3.2.1 Apple watchOS 3.2 Apple watchOS 3.1 Apple watchOS 3.0 Apple watchOS 3 Apple watchOS 2.2 Apple watchOS 2.1 Apple watchOS 2.0 Apple watchOS 1.0 Apple Watch Hermes 0 Apple Watch Edition 0 Apple Watch 0 Apple tvOS 11.2.6 Apple tvOS 11.2.5 Apple tvOS 10.1.1 Apple tvOS 10.0.1 Apple tvOS 9.2.2 Apple tvOS 9.2.1 Apple tvOS 9.1.1 Apple tvOS 9.2 Apple tvOS 9.1 Apple tvOS 9.0 Apple tvOS 11.2.1 Apple tvOS 11.2 Apple tvOS 11.1 Apple tvOS 11 Apple tvOS 10.2.2 Apple tvOS 10.2.1 Apple tvOS 10.2 Apple tvOS 10.1 Apple tvOS 10 Apple TV 0 Apple macOS 10.13.4 Apple iTunes 12.7.4 Apple iTunes 12.7.3 Apple iTunes 12.6.2 Apple iTunes 12.5.5 Apple iTunes 12.5.1 Apple iTunes 12.4.2 Apple iTunes 12.3.2 Apple iTunes 12.3.1 Apple iTunes 11.2.1 Apple iTunes 11.1.5 Apple iTunes 11.1.4 Apple iTunes 11.1.3 Apple iTunes 11.1.2 Apple iTunes 11.1.1 Apple iTunes 11.0.5 Apple iTunes 11.0.4 Apple iTunes 11.0.2 Apple iTunes 10.6.3 Apple iTunes 10.6.1 Apple iTunes 10.5.1 Apple iTunes 10.1.2 Apple iTunes 9.2.1 Apple iTunes 9.0.2 Apple iTunes 9.0.1 .8 Apple iTunes 9.0.1 Apple iTunes 9.0 Apple iTunes 7.3.2 Apple iTunes 7.3.1 Apple iTunes 7.3 Apple iTunes 7.0.2 Apple iTunes 6.0.5 Apple iTunes 6.0.4 Apple iTunes 6.0.3 Apple iTunes 6.0.1 Apple iTunes 6.0 Apple iTunes 5.0 Apple iTunes 4.8 Apple iTunes 4.7.1 Apple iTunes 4.7 Apple iTunes 4.6 Apple iTunes 4.5 Apple iTunes 4.2 .72 Apple iTunes 9.2 Apple iTunes 9.1.1 Apple iTunes 9.1 Apple iTunes 9.0.3 Apple iTunes 8.2 Apple iTunes 8.1 Apple iTunes 8.0.2.20 Apple iTunes 8.0 Apple iTunes 7.4 Apple iTunes 12.7.2 Apple iTunes 12.7 Apple iTunes 12.6 Apple iTunes 12.5.4 Apple iTunes 12.5.2 Apple iTunes 12.4 Apple iTunes 12.3 Apple iTunes 12.2 Apple iTunes 12.0.1 Apple iTunes 11.2 Apple iTunes 11.1 Apple iTunes 11.0.3 Apple iTunes 11.0.1 Apple iTunes 11.0.0.163 Apple iTunes 11.0 Apple iTunes 10.7 Apple iTunes 10.6.1.7 Apple iTunes 10.6 Apple iTunes 10.5.3 Apple iTunes 10.5.2 Apple iTunes 10.5.1.42 Apple iTunes 10.5 Apple iTunes 10.4.1.10 Apple iTunes 10.4.1 Apple iTunes 10.4.0.80 Apple iTunes 10.4 Apple iTunes 10.3.1 Apple iTunes 10.3 Apple iTunes 10.2.2.12 Apple iTunes 10.2.2 Apple iTunes 10.2 Apple iTunes 10.1.1.4 Apple iTunes 10.1.1 Apple iTunes 10.1 Apple iTunes 10.0.1 Apple iTunes 10 Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 5 0 Apple iOS 4 0 Apple iOS 3 0 Apple iOS 10.2.1 Apple iOS 10.0.1 Apple iOS 9.3.4 Apple iOS 9.3.3 Apple iOS 9.3.2 Apple iOS 9.3.1 Apple iOS 9.2.1 Apple iOS 9.0.2 Apple iOS 9.0.1 Apple iOS 8.4.1 Apple iOS 7.2 Apple iOS 7.0.6 Apple iOS 7.0.5 Apple iOS 7.0.3 Apple iOS 7.0.2 Apple iOS 7.0.1 Apple iOS 6.3.1 Apple iOS 6.1.6 Apple iOS 6.1.4 Apple iOS 6.1.3 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 9.3.5 Apple iOS 9.3 Apple iOS 9.2 Apple iOS 9.1 Apple iOS 9 Apple iOS 8.4 Apple iOS 8.3 Apple iOS 8.2 Apple iOS 8.1.3 Apple iOS 8.1.2 Apple iOS 8.1.1 Apple iOS 8.1 Apple iOS 8 Apple iOS 7.1.2 Apple iOS 7.1.1 Apple iOS 7.1 Apple iOS 7.0.4 Apple iOS 7 Apple iOS 6.1 Apple iOS 6.0.2 Apple iOS 6.0.1 Apple iOS 6 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0 Apple iOS 11.3.1 Apple iOS 11.3 Apple iOS 11.2.6 Apple iOS 11.2.5 Apple iOS 11.2.2 Apple iOS 11.2.1 Apple iOS 11.2 Apple iOS 11.1 Apple iOS 11 Apple iOS 10.3.3 Apple iOS 10.3.2 Apple iOS 10.3.1 Apple iOS 10.3 Apple iOS 10.2 Apple iOS 10.1 Apple iOS 10 Apple iCloud 6.1.1 Apple iCloud 7.4 Apple iCloud 7.3 Apple iCloud 7.2 Apple iCloud 7.0 Apple iCloud 6.2.2 Apple iCloud 6.2.1 Apple iCloud 6.2 Apple iCloud 6.1 Apple iCloud 6.0.1 Apple iCloud 6.0
Not Vulnerable:	Apple watchOS 4.3.1 Apple tvOS 11.4 Apple Security Update 2018-003 Sierra 0 Apple Security Update 2018-003 El Capitan 0 Apple macOS 10.13.5 Apple iTunes 12.7.5 Apple iOS 11.4 Apple iCloud 7.5

Apple macOS/iCloud/iOS/watchOS/tvOS/iTunes CVE-2018-4224 Local Authorization Bypass Vulnerability

Apple macOS/iCloud/iOS/watchOS/tvOS/iTunes are prone to a local authorization-bypass vulnerability.

A local attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Failed exploits will result in denial-of-service condition.

Apple macOS/iCloud/iOS/watchOS/tvOS/iTunes CVE-2018-4224 Local Authorization Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Apple macOS/iCloud/iOS/watchOS/tvOS/iTunes CVE-2018-4224 Local Authorization Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apple macOS/iCloud/iOS/watchOS/tvOS/iTunes CVE-2018-4224 Local Authorization Bypass Vulnerability

References:

• Apple Home Page (Apple)
  
• APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5 (Apple)
  
• APPLE-SA-2018-06-01-3 iCloud for Windows 7.5 (Apple)
  
• APPLE-SA-2018-06-01-4 iOS 11.4 (Apple)
  
• APPLE-SA-2018-06-01-5 watchOS 4.3.1 (Apple)
  
• APPLE-SA-2018-06-01-6 tvOS 11.4 (Apple)
  
• APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows (Apple)