BID:104844

Apple watchOS/tvOS/macOS/iCloud/iTunes CVE-2018-4293 Remote Security Vulnerability

Info

Apple watchOS/tvOS/macOS/iCloud/iTunes CVE-2018-4293 Remote Security Vulnerability

Bugtraq ID:	104844
Class:	Design Error
CVE:	CVE-2018-4293
Remote:	Yes
Local:	No
Published:	Jul 09 2018 12:00AM
Updated:	Jul 09 2018 12:00AM
Credit:	An anonymous researcher.
Vulnerable:	eSignal eSignal 6.0.2 Apple watchOS 10.1.1 Apple watchOS 4.3.1 Apple watchOS 3.1.3 Apple watchOS 3.1.1 Apple watchOS 2.2.2 Apple watchOS 2.2.1 Apple watchOS 2.0.1 Apple watchOS 1.0.1 Apple watchOS 4.3 Apple watchOS 4.2.3 Apple watchOS 4.2.2 Apple watchOS 4.2 Apple watchOS 4.1 Apple watchOS 4 Apple watchOS 3.2.3 Apple watchOS 3.2.2 Apple watchOS 3.2.1 Apple watchOS 3.2 Apple watchOS 3.1 Apple watchOS 3.0 Apple watchOS 3 Apple watchOS 2.2 Apple watchOS 2.1 Apple watchOS 2.0 Apple watchOS 1.0 Apple Watch Hermes 0 Apple Watch Edition 0 Apple Watch 0 Apple tvOS 11.2.6 Apple tvOS 11.2.5 Apple tvOS 10.1.1 Apple tvOS 10.0.1 Apple tvOS 9.2.2 Apple tvOS 9.2.1 Apple tvOS 9.1.1 Apple tvOS 9.2 Apple tvOS 9.1 Apple tvOS 9.0 Apple tvOS 11.4 Apple tvOS 11.2.1 Apple tvOS 11.2 Apple tvOS 11.1 Apple tvOS 11 Apple tvOS 10.2.2 Apple tvOS 10.2.1 Apple tvOS 10.2 Apple tvOS 10.1 Apple tvOS 10 Apple TV 0 Apple macOS 10.13.5 Apple iTunes 12.7.5 Apple iTunes 12.7.4 Apple iTunes 12.7.3 Apple iTunes 12.6.2 Apple iTunes 12.5.5 Apple iTunes 12.5.1 Apple iTunes 12.4.2 Apple iTunes 12.3.2 Apple iTunes 12.3.1 Apple iTunes 11.2.1 Apple iTunes 11.1.5 Apple iTunes 11.1.4 Apple iTunes 11.1.3 Apple iTunes 11.1.2 Apple iTunes 11.1.1 Apple iTunes 11.0.5 Apple iTunes 11.0.4 Apple iTunes 11.0.2 Apple iTunes 10.6.3 Apple iTunes 10.6.1 Apple iTunes 10.5.1 Apple iTunes 10.1.2 Apple iTunes 9.2.1 Apple iTunes 9.0.2 Apple iTunes 9.0.1 .8 Apple iTunes 9.0.1 Apple iTunes 9.0 Apple iTunes 7.3.2 Apple iTunes 7.3.1 Apple iTunes 7.3 Apple iTunes 7.0.2 Apple iTunes 6.0.5 Apple iTunes 6.0.4 Apple iTunes 6.0.3 Apple iTunes 6.0.1 Apple iTunes 6.0 Apple iTunes 5.0 Apple iTunes 4.8 Apple iTunes 4.7.1 Apple iTunes 4.7 Apple iTunes 4.6 Apple iTunes 4.5 Apple iTunes 4.2 .72 Apple iTunes 9.2 Apple iTunes 9.1.1 Apple iTunes 9.1 Apple iTunes 9.0.3 Apple iTunes 8.2 Apple iTunes 8.1 Apple iTunes 8.0.2.20 Apple iTunes 8.0 Apple iTunes 7.4 Apple iTunes 12.7.2 Apple iTunes 12.7 Apple iTunes 12.6 Apple iTunes 12.5.4 Apple iTunes 12.5.2 Apple iTunes 12.4 Apple iTunes 12.3 Apple iTunes 12.2 Apple iTunes 12.0.1 Apple iTunes 11.2 Apple iTunes 11.1 Apple iTunes 11.0.3 Apple iTunes 11.0.1 Apple iTunes 11.0.0.163 Apple iTunes 11.0 Apple iTunes 10.7 Apple iTunes 10.6.1.7 Apple iTunes 10.6 Apple iTunes 10.5.3 Apple iTunes 10.5.2 Apple iTunes 10.5.1.42 Apple iTunes 10.5 Apple iTunes 10.4.1.10 Apple iTunes 10.4.1 Apple iTunes 10.4.0.80 Apple iTunes 10.4 Apple iTunes 10.3.1 Apple iTunes 10.3 Apple iTunes 10.2.2.12 Apple iTunes 10.2.2 Apple iTunes 10.2 Apple iTunes 10.1.1.4 Apple iTunes 10.1.1 Apple iTunes 10.1 Apple iTunes 10.0.1 Apple iTunes 10 Apple iCloud 6.1.1 Apple iCloud 7.5 Apple iCloud 7.4 Apple iCloud 7.3 Apple iCloud 7.2 Apple iCloud 7.0 Apple iCloud 6.2.2 Apple iCloud 6.2.1 Apple iCloud 6.2 Apple iCloud 6.1 Apple iCloud 6.0.1 Apple iCloud 6.0

Not Vulnerable:	Apple watchOS 4.3.2 Apple tvOS 11.4.1 Apple macOS 10.13.6 Apple macOS Security Update 2018 Apple macOS Security Update 2018 Apple iTunes 12.8 Apple iCloud 7.6

Exploit / POC

Solution / Fix

Apple watchOS/tvOS/macOS/iCloud/iTunes CVE-2018-4293 Remote Security Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Apple watchOS/tvOS/macOS/iCloud/iTunes CVE-2018-4293 Remote Security Vulnerability

References:

Apple Home Page (Apple)
APPLE-SA-2018-7-9-2 watchOS 4.3.2 (Apple)
APPLE-SA-2018-7-9-3 tvOS 11.4.1 (Apple)
APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra (Apple)
APPLE-SA-2018-7-9-6 iCloud for Windows 7.6 (Apple)
APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows (Apple)