This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.

Released July 22, 2019

**Bluetooth**

Available for: Apple TV 4K and Apple TV HD

Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)

Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.

CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of University of Oxford, England

The changes for this issue mitigate CVE-2020-10135.

Entry added August 13, 2019, updated June 25, 2020

**Core Data**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8646: natashenka of Google Project Zero

**Core Data**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to cause arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2019-8647: Samuel Groß and natashenka of Google Project Zero

**Core Data**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2019-8660: Samuel Groß and natashenka of Google Project Zero

**Game Center**

Available for: Apple TV 4K and Apple TV HD

Impact: A local user may be able to read a persistent account identifier

Description: This issue was addressed with a new entitlement.

CVE-2019-8702: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.

Entry added February 24, 2020

**Heimdal**

Available for: Apple TV 4K and Apple TV HD

Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services

Description: This issue was addressed with improved checks to prevent unauthorized actions.

CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst

**Image Processing**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: A denial of service issue was addressed with improved validation.

CVE-2019-8668: an anonymous researcher

Entry added October 8, 2019

**libxslt**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to view sensitive information

Description: A stack overflow was addressed with improved input validation.

CVE-2019-13118: found by OSS-Fuzz

**Profiles**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to restrict access to websites

Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.

CVE-2019-8698: Luke Deshotels, Jordan Beichler, and William Enck of North Carolina State University; Costin Carabaș and Răzvan Deaconescu of University POLITEHNICA of Bucharest

**Quick Look**

Available for: Apple TV 4K and Apple TV HD

Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary

Description: This issue was addressed with improved checks.

CVE-2019-8662: natashenka and Samuel Groß of Google Project Zero

**Siri**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8646: natashenka of Google Project Zero

**UIFoundation**

Available for: Apple TV 4K and Apple TV HD

Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue existed in the handling of document loads. This issue was addressed with improved state management.

CVE-2019-8690: Sergei Glazunov of Google Project Zero

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management.

CVE-2019-8649: Sergei Glazunov of Google Project Zero

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8644: G. Geshev working with Trend Micro's Zero Day Initiative

CVE-2019-8666: Zongming Wang (王宗明) and Zhe Jin (金哲) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.

CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative

CVE-2019-8671: Apple

CVE-2019-8672: Samuel Groß of Google Project Zero

CVE-2019-8673: Soyeon Park and Wen Xu of SSLab at Georgia Tech

CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech

CVE-2019-8677: Jihui Lu of Tencent KeenLab

CVE-2019-8678: Anthony Lai (@darkfloyd1014) of Knownsec, Ken Wong (@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a) of Theori, Johnny Yu (@straight\_blast) of VX Browser Exploitation Group, Chris Chan (@dr4g0nfl4me) of VX Browser Exploitation Group, Phil Mok (@shadyhamsters) of VX Browser Exploitation Group, Alan Ho (@alan\_h0) of Knownsec, Byron Wai of VX Browser Exploitation, P1umer of ADLab of Venustech

CVE-2019-8679: Jihui Lu of Tencent KeenLab

CVE-2019-8680: Jihui Lu of Tencent KeenLab

CVE-2019-8681: G. Geshev working with Trend Micro Zero Day Initiative

CVE-2019-8683: lokihardt of Google Project Zero

CVE-2019-8684: lokihardt of Google Project Zero

CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech, Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL, and Eric Lung (@Khlung1) of VXRL

CVE-2019-8686: G. Geshev working with Trend Micro's Zero Day Initiative

CVE-2019-8687: Apple

CVE-2019-8688: Insu Yun of SSLab at Georgia Tech

CVE-2019-8689: lokihardt of Google Project Zero

Entry updated September 11, 2019

CVE-2019-8702: About the security content of tvOS 12.4

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

Released September 24, 2019

**AppleFirmwareUpdateKext**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2019-8747: Mohamed Ghannam (@\_simo36)

Entry added October 29, 2019

**Audio**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2019-8706: Yu Zhou of Ant-Financial Light-Year Security Lab

Entry added October 29, 2019

**Audio**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted audio file may disclose restricted memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8850: Anonymous working with Trend Micro Zero Day Initiative

Entry added December 4, 2019

**CFNetwork**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: This issue was addressed with improved checks.

CVE-2019-8753: Łukasz Pilorz of Standard Chartered GBS Poland

Entry added October 29, 2019

**CoreAudio**

Available for: Apple TV 4K and Apple TV HD

Impact: Playing a malicious audio file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2019-8592: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Entry added November 6, 2019

**CoreCrypto**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a large input may lead to a denial of service

Description: A denial of service issue was addressed with improved input validation.

CVE-2019-8741: Nicky Mouha of NIST

Entry added October 29, 2019

**CoreAudio**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted movie may result in the disclosure of process memory

Description: A memory corruption issue was addressed with improved validation.

CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Entry added October 8, 2019

**Foundation**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8746: natashenka and Samuel Groß of Google Project Zero

Entry added October 29, 2019

**IOUSBDeviceFamily**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8718: Joshua Hill and Sem Voigtländer

Entry added October 29, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to gain elevated privileges

Description: This issue was addressed with improved entitlements.

CVE-2019-8703: an anonymous researcher

Entry added March 16, 2021

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2019-8740: Mohamed Ghannam (@\_simo36)

Entry added October 29, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: A local app may be able to read a persistent account identifier

Description: A validation issue was addressed with improved logic.

CVE-2019-8809: Apple

Entry added October 29, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8712: Mohamed Ghannam (@\_simo36)

Entry added October 29, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to determine kernel memory layout

Description: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management.

CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team

Entry added October 29, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2019-8709: derrek (@derrekr6) derrek (@derrekr6)

Entry added October 29, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8717: Jann Horn of Google Project Zero

Entry added October 8, 2019

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to determine kernel memory layout

Description: The issue was addressed with improved permissions logic.

CVE-2019-8780: Siguza

Entry added October 8, 2019

**Keyboards**

Available for: Apple TV 4K and Apple TV HD

Impact: A local user may be able to leak sensitive user information

Description: An authentication issue was addressed with improved state management.

CVE-2019-8704: 王 邦 宇 (wAnyBug.Com) of SAINTSEC

**libxml2**

Available for: Apple TV 4K and Apple TV HD

Impact: Multiple issues in libxml2

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2019-8749: found by OSS-Fuzz

CVE-2019-8756: found by OSS-Fuzz

Entry added October 8, 2019

**libxslt**

Available for: Apple TV 4K and Apple TV HD

Impact: Multiple issues in libxslt

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2019-8750: found by OSS-Fuzz

Entry added October 29, 2019

**mDNSResponder**

Available for: Apple TV 4K and Apple TV HD

Impact: An attacker in physical proximity may be able to passively observe device names in AWDL communications

Description: This issue was resolved by replacing device names with a random identifier.

CVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt

Entry added October 29, 2019

**UIFoundation**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted text file may lead to arbitrary code execution

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Entry added October 8, 2019

**UIFoundation**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8831: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Entry added November 18, 2019

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2019-8625: Sergei Glazunov of Google Project Zero

CVE-2019-8719: Sergei Glazunov of Google Project Zero

CVE-2019-8764: Sergei Glazunov of Google Project Zero

Entry added October 8, 2019, updated October 29, 2019

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8707: an anonymous researcher working with Trend Micro's Zero Day Initiative, cc working with Trend Micro Zero Day Initiative

CVE-2019-8710: found by OSS-Fuzz

CVE-2019-8726: Jihui Lu of Tencent KeenLab

CVE-2019-8728: Junho Jang of LINE Security Team and Hanul Choi of ABLY Corporation

CVE-2019-8733: Sergei Glazunov of Google Project Zero

CVE-2019-8734: found by OSS-Fuzz

CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative

CVE-2019-8743: zhunki from Codesafe Team of Legendsec at Qi'anxin Group

CVE-2019-8751: Dongzhuo Zhao working with ADLab of Venustech

CVE-2019-8752: Dongzhuo Zhao working with ADLab of Venustech

CVE-2019-8763: Sergei Glazunov of Google Project Zero

CVE-2019-8765: Samuel Groß of Google Project Zero

CVE-2019-8766: found by OSS-Fuzz

CVE-2019-8773: found by OSS-Fuzz

Entry added October 8, 2019, updated October 29, 2019

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A validation issue was addressed with improved logic.

CVE-2019-8762: Sergei Glazunov of Google Project Zero

Entry added November 18, 2019

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2020-9932: Dongzhuo Zhao working with ADLab of Venustech

Entry added July 28, 2020

**Wi-Fi**

Available for: Apple TV 4K and Apple TV HD

Impact: A device may be passively tracked by its Wi-Fi MAC address

Description: A user privacy issue was addressed by removing the broadcast MAC address.

CVE-2019-8854: Ta-Lun Yen of UCCU Hacker and FuriousMacTeam of the United States Naval Academy and the Mitre Cooperation

Entry added December 4, 2019

CVE-2019-8703: About the security content of tvOS 13

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges.

Released March 24, 2020

**Accounts**

Available for: macOS Catalina 10.15.3

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9772: Allison Husain of UC Berkeley

Entry added May 21, 2020

**Apple HSSPI Support**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team

Entry updated May 1, 2020

**AppleGraphicsControl**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple memory corruption issues were addressed with improved state management.

CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team

**AppleMobileFileIntegrity**

Available for: macOS Catalina 10.15.3

Impact: An application may be able to use arbitrary entitlements

Description: This issue was addressed with improved checks.

CVE-2020-3883: Linus Henze (pinauten.de)

**Bluetooth**

Available for: macOS Catalina 10.15.3

Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic

Description: An issue existed with the use of a PRNG with low entropy. This issue was addressed with improved state management.

CVE-2020-6616: Jörn Tillmanns (@matedealer) and Jiska Classen (@naehrdine) of Secure Mobile Networking Lab

Entry added May 21, 2020

**Bluetooth**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to determine kernel memory layout

Description: A memory corruption issue was addressed with improved validation.

CVE-2020-9853: Yu Wang of Didi Research America

Entry added May 21, 2020

**Bluetooth**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3907: Yu Wang of Didi Research America

CVE-2020-3908: Yu Wang of Didi Research America

CVE-2020-3912: Yu Wang of Didi Research America

CVE-2020-9779: Yu Wang of Didi Research America

Entry updated September 21, 2020

**Bluetooth**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3892: Yu Wang of Didi Research America

CVE-2020-3893: Yu Wang of Didi Research America

CVE-2020-3905: Yu Wang of Didi Research America

**Bluetooth**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab

**Call History**

Available for: macOS Catalina 10.15.3

Impact: A malicious application may be able to access a user's call history

Description: This issue was addressed with a new entitlement.

CVE-2020-9776: Benjamin Randazzo (@\_\_\_\_benjamin)

**CoreBluetooth**

Available for: macOS Catalina 10.15.3

Impact: A remote attacker may be able to leak sensitive user information

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9828: Jianjun Dai of Qihoo 360 Alpha Lab

Entry added May 13, 2020

**CoreFoundation**

Available for: macOS Catalina 10.15.3

Impact: A malicious application may be able to elevate privileges

Description: A permissions issue existed. This issue was addressed with improved permission validation.

CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG

**CoreText**

Available for: macOS Catalina 10.15.3

Impact: Processing a maliciously crafted text message may lead to application denial of service

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com

Entry added May 21, 2020

**CUPS**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: An application may be able to gain elevated privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2020-3898: Stephan Zeisberg (github.com/stze) of Security Research Labs (srlabs.de)

Entry added April 8, 2020

**FaceTime**

Available for: macOS Catalina 10.15.3

Impact: A local user may be able to view sensitive user information

Description: A logic issue was addressed with improved state management.

CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion - Israel Institute of Technology

**Intel Graphics Driver**

Available for: macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-3886: Proteas

Entry added March 16, 2021

**Intel Graphics Driver**

Available for: macOS Catalina 10.15.3

Impact: A malicious application may disclose restricted memory

Description: An information disclosure issue was addressed with improved state management.

CVE-2019-14615: Wenjian HE of Hong Kong University of Science and Technology, Wei Zhang of Hong Kong University of Science and Technology, Sharad Sinha of Indian Institute of Technology Goa, and Sanjeev Das of University of North Carolina

**IOHIDFamily**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2020-3919: Alex Plaskett of F-Secure Consulting

Entry updated May 21, 2020

**IOThunderboltFamily**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An application may be able to gain elevated privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington

**iTunes**

Available for: macOS Catalina 10.15.3

Impact: A malicious application may be able to overwrite arbitrary files

Description: This issue was addressed by removing the vulnerable code.

CVE-2020-3896: Christoph Falta

Entry added March 16, 2021

**Kernel**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: An application may be able to read restricted memory

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2020-3914: pattern-f (@pattern\_F\_) of WaCai

**Kernel**

Available for: macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple memory corruption issues were addressed with improved state management.

CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team

**libxml2**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: Multiple issues in libxml2

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2020-3909: LGTM.com

CVE-2020-3911: found by OSS-Fuzz

**libxml2**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: Multiple issues in libxml2

Description: A buffer overflow was addressed with improved size validation.

CVE-2020-3910: LGTM.com

**Mail**

Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A remote attacker may be able to cause arbitrary javascript code execution

Description: An injection issue was addressed with improved validation.

CVE-2020-3884: Apple

**Printing**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to overwrite arbitrary files

Description: A path handling issue was addressed with improved validation.

CVE-2020-3915: An anonymous researcher working with iDefense Labs (https://vcp.idefense.com/), HyungSeok Han (DaramG) @Theori working with TrendMicro’s Zero Day Initiative

Entry added May 1, 2020

**Safari**

Available for: macOS Catalina 10.15.3

Impact: A user's private browsing activity may be unexpectedly saved in Screen Time

Description: An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling.

CVE-2020-9775: Andrian (@retroplasma), Marat Turaev, Marek Wawro (futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland

Entry added May 13, 2020

**Sandbox**

Available for: macOS Catalina 10.15.3

Impact: A user may gain access to protected parts of the file system

Description: This issue was addressed with a new entitlement.

CVE-2020-9771: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added May 21, 2020

**Sandbox**

Available for: macOS Catalina 10.15.3

Impact: A local user may be able to view sensitive user information

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2020-3918: an anonymous researcher, Augusto Alvarez of Outcourse Limited

Entry added April 8, 2020, updated May 21, 2020

**sudo**

Available for: macOS Catalina 10.15.3

Impact: An attacker may be able to run commands as a non-existent user

Description: This issue was addressed by updating to sudo version 1.8.31.

CVE-2019-19232

**sysdiagnose**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An application may be able to trigger a sysdiagnose

Description: This issue was addressed with improved checks

CVE-2020-9786: Dayton Pidhirney (@\_watbulb) of Seekintoo (@seekintoo)

Entry added April 4, 2020

**TCC**

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: A maliciously crafted application may be able to bypass code signing enforcement

Description: A logic issue was addressed with improved restrictions.

CVE-2020-3906: Patrick Wardle of Jamf

**Time Machine**

Available for: macOS Catalina 10.15.3

Impact: A local user may be able to read arbitrary files

Description: A logic issue was addressed with improved state management.

CVE-2020-3889: Lasse Trolle Borup of Danish Cyber Defence

**Vim**

Available for: macOS Catalina 10.15.3

Impact: Multiple issues in Vim

Description: Multiple issues were addressed by updating to version 8.1.1850.

CVE-2020-9769: Steve Hahn of LinkedIn

**WebKit**

Available for: macOS Catalina 10.15.3

Impact: Some websites may not have appeared in Safari Preferences

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9787: Ryan Pickren (ryanpickren.com)

Entry added April 8, 2020

**WebKit**

Available for: macOS Catalina 10.15.3

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: An input validation issue was addressed with improved input validation.

CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)

Entry added July 28, 2020

CVE-2020-3886: About the security content of macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra

CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management..

Released September 24, 2018

**Bluetooth**

Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012), iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac (Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015), Mac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012), Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro (Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air (13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air (13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air (13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air (13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro (15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013), MacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina, 13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013)

Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic

Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.

CVE-2018-5383: Lior Neumann and Eli Biham

The updates below are available for these Mac models: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013, Mid 2010, and Mid 2012 models with recommended Metal-capable graphics processor, including MSI Gaming Radeon RX 560 and Sapphire Radeon PULSE RX 580)

**afpserver**

Impact: A remote attacker may be able to attack AFP servers through HTTP clients

Description: An input validation issue was addressed with improved input validation.

CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC Berkeley

Entry added October 30, 2018

**App Store**

Impact: A malicious application may be able to determine the Apple ID of the owner of the computer

Description: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls.

CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc.

**AppleGraphicsControl**

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4417: Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative

Entry added October 30, 2018

**Application Firewall**

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A configuration issue was addressed with additional restrictions.

CVE-2018-4353: Abhinav Bansal of LinkedIn Inc.

Entry updated October 30, 2018

**APR**

Impact: Multiple buffer overflow issues existed in Perl

Description: Multiple issues in Perl were addressed with improved memory handling.

CVE-2017-12613: Craig Young of Tripwire VERT

CVE-2017-12618: Craig Young of Tripwire VERT

Entry added October 30, 2018

**ATS**

Impact: A malicious application may be able to elevate privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative

Entry added October 30, 2018

**ATS**

Impact: An application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2018-4308: Mohamed Ghannam (@\_simo36)

Entry added October 30, 2018

**Auto Unlock**

Impact: A malicious application may be able to access local users AppleIDs

Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.

CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

**CFNetwork**

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4126: Bruno Keith (@bkth\_) working with Trend Micro's Zero Day Initiative

Entry added October 30, 2018

**CoreFoundation**

Impact: A malicious application may be able to elevate privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)

Entry added October 30, 2018

**CoreFoundation**

Impact: An application may be able to gain elevated privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)

Entry added October 30, 2018

**CoreText**

Impact: Processing a maliciously crafted text file may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2018-4347: Vasyl Tkachuk of Readdle

Entry added October 30, 2018, updated December 13, 2018

**Crash Reporter**

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4333: Brandon Azad

**CUPS**

Impact: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content

Description: An injection issue was addressed with improved validation.

CVE-2018-4153: Michael Hanselmann of hansmi.ch

Entry added October 30, 2018

**CUPS**

Impact: An attacker in a privileged position may be able to perform a denial of service attack

Description: A denial of service issue was addressed with improved validation.

CVE-2018-4406: Michael Hanselmann of hansmi.ch

Entry added October 30, 2018

**Dictionary**

Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information

Description: A validation issue existed which allowed local file access. This was addressed with input sanitization.

CVE-2018-4346: Wojciech Reguła (@\_r3ggi) of SecuRing

Entry added October 30, 2018

**DiskArbitration**

Impact: A malicious application may be able to modify contents of the EFI system partition and execute arbitrary code with kernel privileges if secure boot is not enabled

Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks.

CVE-2018-4296: Vitaly Cheptsov

Entry updated January 22, 2019

**dyld**

Impact: A malicious application may be able to modify protected parts of the file system

Description: A configuration issue was addressed with additional restrictions.

CVE-2018-4433: Vitaly Cheptsov

Entry updated January 22, 2019

**fdesetup**

Impact: Institutional recovery keys may be incorrectly reported as present

Description: A logic issue was addressed with improved state management.

CVE-2019-8643: Arun Sharma of VMWare

Entry added August 1, 2019

**Firmware**

Impact: An attacker with physical access to a device may be able to elevate privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2017-5731: Intel and Eclypsium

CVE-2017-5732: Intel and Eclypsium

CVE-2017-5733: Intel and Eclypsium

CVE-2017-5734: Intel and Eclypsium

CVE-2017-5735: Intel and Eclypsium

Entry added June 24, 2019

**Grand Central Dispatch**

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4426: Brandon Azad

Entry added October 30, 2018

**Heimdal**

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4331: Brandon Azad

CVE-2018-4332: Brandon Azad

CVE-2018-4343: Brandon Azad

Entry added October 30, 2018

**Hypervisor**

Impact: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis

Description: An information disclosure issue was addressed by flushing the L1 data cache at the virtual machine entry.

CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide

Entry added October 30, 2018

**iBooks**

Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information

Description: A configuration issue was addressed with additional restrictions.

CVE-2018-4355: evi1m0 of bilibili security team

Entry added October 30, 2018

**Intel Graphics Driver**

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4396: Yu Wang of Didi Research America

CVE-2018-4418: Yu Wang of Didi Research America

Entry added October 30, 2018

**Intel Graphics Driver**

Impact: An application may be able to read restricted memory

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2018-4351: Appology Team @ Theori working with Trend Micro's Zero Day Initiative

Entry added October 30, 2018

**Intel Graphics Driver**

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4350: Yu Wang of Didi Research America

Entry added October 30, 2018

**Intel Graphics Driver**

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4334: Ian Beer of Google Project Zero

Entry added October 30, 2018

**Intel Graphics Driver**

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4451: Tyler Bohan of Cisco Talos

CVE-2018-4456: Tyler Bohan of Cisco Talos

Entry added December 21, 2018, updated January 22, 2019

**IOHIDFamily**

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4408: Ian Beer of Google Project Zero

Entry added October 30, 2018, updated August 1, 2019

**IOKit**

Impact: A malicious application may be able to break out of its sandbox

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4341: Ian Beer of Google Project Zero

CVE-2018-4354: Ian Beer of Google Project Zero

Entry added October 30, 2018

**IOKit**

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2018-4383: Apple

Entry added October 30, 2018

**IOUserEthernet**

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4401: Apple

Entry added October 30, 2018

**Kernel**

Impact: A malicious application may be able to leak sensitive user information

Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.

CVE-2018-4399: Fabiano Anemone (@anoane)

Entry added October 30, 2018

**Kernel**

Impact: An attacker in a privileged network position may be able to execute arbitrary code

Description: A memory corruption issue was addressed with improved validation.

CVE-2018-4407: Kevin Backhouse of Semmle Ltd.

Entry added October 30, 2018

**Kernel**

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4336: Brandon Azad

CVE-2018-4337: Ian Beer of Google Project Zero

CVE-2018-4340: Mohamed Ghannam (@\_simo36)

CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)

CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative

Entry updated October 30, 2018

**LibreSSL**

Impact: Multiple issues in libressl were addressed in this update

Description: Multiple issues were addressed by updating to libressl version 2.6.4.

CVE-2015-3194

CVE-2015-5333

CVE-2015-5334

CVE-2016-0702

Entry added October 30, 2018, updated December 13, 2018

**Login Window**

Impact: A local user may be able to cause a denial of service

Description: A validation issue was addressed with improved logic.

CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity

Entry added October 30, 2018

**mDNSOffloadUserClient**

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team

Entry added October 30, 2018

**MediaRemote**

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs

Entry added October 30, 2018

**Microcode**

Impact: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis

Description: An information disclosure issue was addressed with a microcode update. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel.

CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC)

Entry added October 30, 2018

**Security**

Impact: A local user may be able to cause a denial of service

Description: This issue was addressed with improved checks.

CVE-2018-4395: Patrick Wardle of Digita Security

Entry added October 30, 2018

**Security**

Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm

Description: This issue was addressed by removing RC4.

CVE-2016-1777: Pepi Zawodsky

**Spotlight**

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4393: Lufeng Li

Entry added October 30, 2018

**Symptom Framework**

Impact: An application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2018-4203: Bruno Keith (@bkth\_) working with Trend Micro's Zero Day Initiative

Entry added October 30, 2018

**Text**

Impact: Processing a maliciously crafted text file may lead to a denial of service

Description: A denial of service issue was addressed with improved validation.

CVE-2018-4304: jianan.huang (@Sevck)

Entry added October 30, 2018

**Wi-Fi**

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend Micro's Zero Day Initiative

Entry added October 23, 2018

CVE-2019-8643: About the security content of macOS Mojave 10.14

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

Released September 12, 2017

**CFNetwork**

Available for: Windows 7 and later

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative 

CVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative

Entry added November 10, 2017

**ImageIO**

Available for: Windows 7 and later

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management.

CVE-2017-13831: Glen Carmichael

Entry added October 31, 2017, updated November 10, 2017

**libxml2**

Available for: Windows 7 and later

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore

Entry added October 18, 2018

**libxml2**

Available for: Windows 7 and later

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2017-7376: an anonymous researcher

CVE-2017-5130: an anonymous researcher

Entry added October 18, 2018

**libxml2**

Available for: Windows 7 and later

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero

Entry added October 18, 2018

**libxml2**

Available for: All Apple Watch models

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A null pointer dereference was addressed with improved validation.

CVE-2018-4302: Gustavo Grieco

Entry added October 18, 2018

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-7081: Apple

Entry added September 25, 2017

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2017-7087: Apple

CVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro’s Zero Day Initiative

CVE-2017-7092: Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team

CVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend Micro’s Zero Day Initiative

CVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group

CVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro’s Zero Day Initiative

CVE-2017-7096: Wei Yuan of Baidu Security Lab

CVE-2017-7098: Felipe Freitas of Instituto Tecnológico de Aeronáutica

CVE-2017-7099: Apple

CVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53

CVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University

CVE-2017-7104: likemeng of Baidu Secutity Lab

CVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University

CVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative

CVE-2017-7117: lokihardt of Google Project Zero

CVE-2017-7120: chenqin (陈钦) of Ant-financial Light-Year Security Lab

Entry added September 25, 2017

**WebKit**

Available for: Windows 7 and later

Impact: Cookies belonging to one origin may be sent to another origin

Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.

CVE-2017-7090: Apple

Entry added September 25, 2017

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: Application Cache policy may be unexpectedly applied.

CVE-2017-7109: avlidienbrunn

Entry added September 25, 2017

CVE-2018-4302: About the security content of iTunes 12.7 for Windows

A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.

Released June 1, 2018

**Accessibility Framework**

Available for: macOS High Sierra 10.13.4

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: An information disclosure issue existed in Accessibility Framework. This issue was addressed with improved memory management.

CVE-2018-4196: Alex Plaskett, Georgi Geshev and Fabian Beterke of MWR Labs working with Trend Micro’s Zero Day Initiative, and WanderingGlitch of Trend Micro Zero Day Initiative

Entry updated July 19, 2018

**AMD**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to read kernel memory

Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.

CVE-2018-4253: shrek\_wzw of Qihoo 360 Nirvan Team

**AMD**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to read kernel memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2018-4256: shrek\_wzw of Qihoo 360 Nirvan Team

Entry added July 19, 2018

**AMD**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to read kernel memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2018-4255: shrek\_wzw of Qihoo 360 Nirvan Team

Entry added October 18, 2018, updated December 14, 2018

**AMD**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.

CVE-2018-4254: an anonymous researcher

Entry added October 18, 2018

**AMD**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.

CVE-2018-4254: shrek\_wzw of Qihoo 360 Nirvan Team

Entry added October 24, 2018

**AppleGraphicsControl**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2018-4258: shrek\_wzw of Qihoo 360 Nirvan Team

Entry added October 18, 2018

**AppleGraphicsPowerManagement**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved size validation.

CVE-2018-4257: shrek\_wzw of Qihoo 360 Nirvan Team

Entry added October 18, 2018

**apache\_mod\_php**

Available for: macOS High Sierra 10.13.4

Impact: Issues in php were addressed in this update

Description: This issue was addressed by updating to php version 7.1.16.

CVE-2018-7584: Wei Lei and Liu Yang of Nanyang Technological University

**ATS**

Available for: macOS High Sierra 10.13.4

Impact: A malicious application may be able to elevate privileges

Description: A type confusion issue was addressed with improved memory handling.

CVE-2018-4219: Mohamed Ghannam (@\_simo36)

**Bluetooth**

Available for: MacBook Pro (Retina, 15-inch, Mid 2015), MacBook Pro (Retina, 15-inch, 2015), MacBook Pro (Retina, 13-inch, Early 2015), MacBook Pro (15-inch, 2017), MacBook Pro (15-inch, 2016), MacBook Pro (13-inch, Late 2016, Two Thunderbolt 3 Ports), MacBook Pro (13-inch, Late 2016, Four Thunderbolt 3 Ports), MacBook Pro (13-inch, 2017, Four Thunderbolt 3 Ports), MacBook (Retina, 12-inch, Early 2016), MacBook (Retina, 12-inch, Early 2015), MacBook (Retina, 12-inch, 2017), iMac Pro, iMac (Retina 5K, 27-inch, Late 2015), iMac (Retina 5K, 27-inch, 2017), iMac (Retina 4K, 21.5-inch, Late 2015), iMac (Retina 4K, 21.5-inch, 2017), iMac (21.5-inch, Late 2015), and iMac (21.5-inch, 2017)

Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic

Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.

CVE-2018-5383: Lior Neumann and Eli Biham

Entry added July 23, 2018

**Bluetooth**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6

Impact: A malicious application may be able to determine kernel memory layout.

Description: An information disclosure issue existed in device properties. This issue was addressed with improved object management.

CVE-2018-4171: shrek\_wzw of Qihoo 360 Nirvan Team

**CoreGraphics**

Available for: macOS High Sierra 10.13.4

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2018-4194: Jihui Lu of Tencent KeenLab, Yu Zhou of Ant-financial Light-Year Security Lab

Entry added June 21, 2018

**CUPS**

Available for: macOS High Sierra 10.13.4

Impact: A local process may modify other processes without entitlement checks

Description: An issue existed in CUPS. This issue was addressed with improved access restrictions.

CVE-2018-4180: Dan Bastone of Gotham Digital Science

Entry added July 11, 2018

**CUPS**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to read arbitrary files as root

Description: An issue existed in CUPS. This issue was addressed with improved access restrictions.

CVE-2018-4181: Eric Rafaloff and John Dunlap of Gotham Digital Science

Entry added July 11, 2018

**CUPS**

Available for: macOS High Sierra 10.13.4

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with additional sandbox restrictions on CUPS.

CVE-2018-4182: Dan Bastone of Gotham Digital Science

Entry added July 11, 2018

**CUPS**

Available for: macOS High Sierra 10.13.4

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2018-4183: Dan Bastone and Eric Rafaloff of Gotham Digital Science

Entry added July 11, 2018

**EFI**

Available for: macOS High Sierra 10.13.4

Impact: An attacker with physical access to a device may be able to elevate privileges

Description: A validation issue was addressed with improved logic.

CVE-2018-4478: an anonymous researcher, an anonymous researcher, Ben Erickson of Trusted Computer Consulting, LLC

Entry added February 15, 2019

**Firmware**

Available for: macOS High Sierra 10.13.4

Impact: A malicious application with root privileges may be able to modify the EFI flash memory region

Description: A device configuration issue was addressed with an updated configuration.

CVE-2018-4251: Maxim Goryachy and Mark Ermolov

**FontParser**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team

**Grand Central Dispatch**

Available for: macOS High Sierra 10.13.4

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An issue existed in parsing entitlement plists. This issue was addressed with improved input validation.

CVE-2018-4229: Jakob Rieck (@0xdead10cc) of the Security in Distributed Systems Group, University of Hamburg

**Graphics Drivers**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4159: Axis and pjf of IceSword Lab of Qihoo 360

**Hypervisor**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team

Entry added October 30, 2018

**iBooks**

Available for: macOS High Sierra 10.13.4

Impact: An attacker in a privileged network position may be able to spoof password prompts in iBooks

Description: An input validation issue was addressed with improved input validation.

CVE-2018-4202: Jerry Decime

**Identity Services**

Available for: macOS High Sierra 10.13.4

Impact: A malicious application may be able to access local users AppleIDs

Description: A privacy issue in the handling of Open Directory records was addressed with improved indexing.

CVE-2018-4217: Jacob Greenfield of Commonwealth School

Entry added December 10, 2018

**Intel Graphics Driver**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4141: an anonymous researcher, Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team

**IOFireWireAVC**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2018-4228: Benjamin Gnahm (@mitp0sh) of Mentor Graphics

**IOGraphics**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4236: Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team

**IOHIDFamily**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4234: Proteas of Qihoo 360 Nirvan Team

**Kernel**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4249: Kevin Backhouse of Semmle Ltd.

Entry updated December 18, 2018

**Kernel**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: In some circumstances, some operating systems may not expect or properly handle an Intel architecture debug exception after certain instructions. The issue appears to be from an undocumented side effect of the instructions. An attacker might utilize this exception handling to gain access to Ring 0 and access sensitive memory or control operating system processes.

CVE-2018-8897: Andy Lutomirski, Nick Peterson (linkedin.com/in/everdox) of Everdox Tech LLC

**Kernel**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2018-4241: Ian Beer of Google Project Zero

CVE-2018-4243: Ian Beer of Google Project Zero

**libxpc**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved validation.

CVE-2018-4237: Samuel Groß (@5aelo) working with Trend Micro’s Zero Day Initiative

**libxpc**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4404: Samuel Groß (@5aelo) working with Trend Micro’s Zero Day Initiative

Entry added October 30, 2018

**Mail**

Available for: macOS High Sierra 10.13.4

Impact: An attacker may be able to exfiltrate the contents of S/MIME- encrypted e-mail

Description: An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail.

CVE-2018-4227: Damian Poddebniak of Münster University of Applied Sciences, Christian Dresen of Münster University of Applied Sciences, Jens Müller of Ruhr University Bochum, Fabian Ising of Münster University of Applied Sciences, Sebastian Schinzel of Münster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, Jörg Schwenk of Ruhr University Bochum

**Messages**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to conduct impersonation attacks

Description: An injection issue was addressed with improved input validation.

CVE-2018-4235: Anurodh Pokharel of Salesforce.com

**Messages**

Available for: macOS High Sierra 10.13.4

Impact: Processing a maliciously crafted message may lead to a denial of service

Description: This issue was addressed with improved message validation.

CVE-2018-4240: Sriram (@Sri\_Hxor) of PrimeFort Pvt. Ltd

**NVIDIA Graphics Drivers**

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2018-4230: Ian Beer of Google Project Zero

**Security**

Available for: macOS High Sierra 10.13.4

Impact: Users may be tracked by malicious websites using client certificates

Description: An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates.

CVE-2018-4221: Damian Poddebniak of Münster University of Applied Sciences, Christian Dresen of Münster University of Applied Sciences, Jens Müller of Ruhr University Bochum, Fabian Ising of Münster University of Applied Sciences, Sebastian Schinzel of Münster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, Jörg Schwenk of Ruhr University Bochum

**Security**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to read a persistent account identifier

Description: An authorization issue was addressed with improved state management.

CVE-2018-4223: Abraham Masri (@cheesecakeufo)

**Security**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to read a persistent device identifier

Description: An authorization issue was addressed with improved state management.

CVE-2018-4224: Abraham Masri (@cheesecakeufo)

**Security**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to modify the state of the Keychain

Description: An authorization issue was addressed with improved state management.

CVE-2018-4225: Abraham Masri (@cheesecakeufo)

**Security**

Available for: macOS High Sierra 10.13.4

Impact: A local user may be able to view sensitive user information

Description: An authorization issue was addressed with improved state management.

CVE-2018-4226: Abraham Masri (@cheesecakeufo)

**Speech**

Available for: macOS High Sierra 10.13.4

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A sandbox issue existed in the handling of microphone access. This issue was addressed with improved handling of microphone access.

CVE-2018-4184: Jakob Rieck (@0xdead10cc) of the Security in Distributed Systems Group, University of Hamburg

**UIKit**

Available for: macOS High Sierra 10.13.4

Impact: Processing a maliciously crafted text file may lead to a denial of service

Description: A validation issue existed in the handling of text. This issue was addressed with improved validation of text.

CVE-2018-4198: Hunter Byrnes

**Windows Server**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4193: Markus Gaasedelen, Amy Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro’s Zero Day Initiative, Richard Zhu (fluorescence) working with Trend Micro’s Zero Day Initiative

Entry updated October 8, 2019

CVE-2018-4478: About the security content of macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan

A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote Desktop 3.9. An attacker may be able to capture cleartext passwords.

This document describes the security content of Apple Remote Desktop 3.9.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

For more information about security, see the Apple Product Security page. You can encrypt communications with Apple using the Apple Product Security PGP Key.

Apple security documents reference vulnerabilities by CVE-ID when possible.

![](https://support.apple.com/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)

**Apple Remote Desktop 3.9**

Released February 21, 2017

**Authentication**

Available for: OS X Yosemite v10.10.5 and later

Impact: An attacker may be able to capture cleartext passwords

Description: A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol.

CVE-2017-2488

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: April 01, 2017

CVE-2017-2488: About the security content of Apple Remote Desktop 3.9

An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud.

Released January 23, 2017

**APNs Server**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An attacker in a privileged network position can track a user's activity

Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling.

CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM)

Entry added March 28, 2017

**Call History**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Updates for CallKit call history are sent to iCloud

Description: An issue existed in preventing the uploading of CallKit call history to iCloud.  This issue was addressed through improved logic.

CVE-2017-2375: Elcomsoft

Entry added February 21, 2017

**Contacts**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted contact card may lead to unexpected application termination

Description: An input validation issue existed in the parsing of contact cards. This issue was addressed through improved input validation.

CVE-2017-2368: Vincent Desmurs (vincedes3)

**Kernel**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2017-2370: Ian Beer of Google Project Zero

**Kernel**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed through improved memory management.

CVE-2017-2360: Ian Beer of Google Project Zero

**libarchive**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2016-8687: Agostino Sarubbo of Gentoo

**Unlock with iPhone**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Apple Watch may unlock when off the user’s wrist

Description: A logic issue was addressed through improved state management.

CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd

Entry updated January 25, 2017

**WebKit**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A prototype access issue was addressed through improved exception handling.

CVE-2017-2350: Gareth Heyes of Portswigger Web Security

**WebKit**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative

CVE-2017-2362: Ivan Fratric of Google Project Zero

CVE-2017-2373: Ivan Fratric of Google Project Zero

**WebKit**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory initialization issue was addressed through improved memory handling.

CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016

**WebKit**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016

CVE-2017-2369: Ivan Fratric of Google Project Zero

CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)

**WebKit**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.

CVE-2017-2363: lokihardt of Google Project Zero

CVE-2017-2364: lokihardt of Google Project Zero

**WebKit**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A malicious website can open popups

Description: An issue existed in the handling of blocking popups. This was addressed through improved input validation.

CVE-2017-2371: lokihardt of Google Project Zero

**WebKit**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A validation issue existed in the handling of variable handling. This issue was addressed through improved validation.

CVE-2017-2365: lokihardt of Google Project Zero

**Wi-Fi**

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An activation-locked device can be manipulated to briefly present the home screen

Description: An issue existed with handling user input that caused a device to present the home screen even when activation locked. This was addressed through improved input validation.

CVE-2017-2351: Hemanth Joseph, Sriram (@Sri\_Hxor) of Primefort Pvt. Ltd., Mohamd Imran

Entry updated February 21, 2017

CVE-2017-2375: About the security content of iOS 10.2.1

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 11.2, watchOS 4.2. An application may be able to execute arbitrary code with kernel privilege.

Released December 5, 2017

**Auto Unlock**

Available for: All Apple Watch models

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

CVE-2017-13905: Samuel Groß (@5aelo)

Entry added October 18, 2018

**CFNetwork Session**

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative

Entry added January 22, 2018

**CoreAnimation**

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with elevated privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen\_lab) working with Trend Micro's Zero Day Initiative

Entry added January 22, 2018

**CoreFoundation**

Available for: All Apple Watch models

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

CVE-2017-7151: Samuel Groß (@5aelo)

Entry added October 18, 2018

**IOKit**

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7162: Tencent Keen Security Lab (@keen\_lab) working with Trend Micro's Zero Day Initiative

Entry added December 21, 2017, updated January 10, 2018

**IOSurface**

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13861: Ian Beer of Google Project Zero

**Kernel**

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13904: Kevin Backhouse of Semmle Ltd.

Entry added February 14, 2018

**Kernel**

Available for: All Apple Watch models

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation.

CVE-2017-7154: Jann Horn of Google Project Zero

Entry added January 10, 2018

**Kernel**

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13862: Apple

CVE-2017-13867: Ian Beer of Google Project Zero

CVE-2017-13876: Ian Beer of Google Project Zero

Entry updated December 21, 2017

**Kernel**

Available for: All Apple Watch models

Impact: An application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2017-7173: Brandon Azad

Entry updated August 1, 2018

**Kernel**

Available for: All Apple Watch models

Impact: An application may be able to read restricted memory

Description: A type confusion issue was addressed with improved memory handling.

CVE-2017-13855: Jann Horn of Google Project Zero

**Kernel**

Available for: All Apple Watch models

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2017-13865: Ian Beer of Google Project Zero

CVE-2017-13868: Brandon Azad

CVE-2017-13869: Jann Horn of Google Project Zero

Entry updated December 21, 2017

**Kernel**

Available for: All Apple Watch models

Impact: An application may be able to execute arbitrary code with kernel privilege

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13880: Apple

Entry added October 18, 2018

**WebKit**

Available for: All Apple Watch models

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative

Entry updated January 22, 2017

**WebKit**

Available for: All Apple Watch models

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative

Entry updated January 22, 2017

**WebKit**

Available for: All Apple Watch models

Impact: Visiting a malicious website may lead to user interface spoofing

Description: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.

CVE-2017-7153: Jerry Decime

Entry added January 11, 2018

**Wi-Fi**

Available for: Apple Watch (1st Generation) and Apple Watch Series 3  
Released for Apple Watch Series 1 and Apple Watch Series 2 in watchOS 4.1.

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

CVE-2017-13880: About the security content of watchOS 4.2

An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing.

Released December 6, 2017

**APFS**

Available for: macOS High Sierra 10.13.1

Impact: APFS encryption keys may not be securely deleted after hibernating

Description: A logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management.

CVE-2017-13887: David Ryskalczyk

Entry added June 21, 2018

**apache**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory

Description: Multiple issues were addressed by updating to version 2.4.28.

CVE-2017-9798: Hanno Böck

Entry updated December 18, 2018

**Auto Unlock**

Available for: macOS High Sierra 10.13.1

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

CVE-2017-13905: Samuel Groß (@5aelo)

Entry added October 18, 2018

**CFNetwork Session**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative

Entry added January 22, 2018

**Contacts**

Available for: macOS High Sierra 10.13.1

Impact: Sharing contact information may lead to unexpected data sharing

Description: An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. 

CVE-2017-13892: Ryan Manly of Glenbrook High School District 225

Entry added October 18, 2018

**CoreAnimation**

Available for: macOS High Sierra 10.13.1

Impact: An application may be able to execute arbitrary code with elevated privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen\_lab) working with Trend Micro's Zero Day Initiative

Entry added January 22, 2018

**CoreFoundation**

Available for: macOS High Sierra 10.13.1

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

CVE-2017-7151: Samuel Groß (@5aelo)

Entry added October 18, 2018

**curl**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: Malicious FTP servers may be able to cause the client to read out-of-bounds memory

Description: An out-of-bounds read issue existed in the FTP PWD response parsing. This issue was addressed with improved bounds checking.

CVE-2017-1000254: Max Dymond

**Directory Utility**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Not impacted: macOS Sierra 10.12.6 and earlier 

Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password

Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.

CVE-2017-13872

**ICU**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: An application may be able to read restricted memory

Description: An integer overflow was addressed through improved input validation.

CVE-2017-15422: Yuan Deng of Ant-financial Light-Year Security Lab

Entry added March 14, 2018

**Intel Graphics Driver**

Available for: macOS High Sierra 10.13.1

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13883: Yu Wang of Didi Research America

CVE-2017-7163: Yu Wang of Didi Research America

CVE-2017-7155: Yu Wang of Didi Research America

Entry updated December 21, 2017 

**Intel Graphics Driver**

Available for: macOS High Sierra 10.13.1

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.

CVE-2017-13878: Ian Beer of Google Project Zero

**Intel Graphics Driver**

Available for: macOS High Sierra 10.13.1

Impact: An application may be able to execute arbitrary code with system privileges

Description: An out-of-bounds read was addressed through improved bounds checking.

CVE-2017-13875: Ian Beer of Google Project Zero

**IOAcceleratorFamily**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7159: found by IMF developed by HyungSeok Han (daramg.gift) of SoftSec, KAIST (softsec.kaist.ac.kr)

Entry updated December 21, 2017 

**IOKit**

Available for: macOS High Sierra 10.13.1

Impact: An application may be able to execute arbitrary code with system privileges

Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation.

CVE-2017-13848: Alex Plaskett of MWR InfoSecurity

CVE-2017-13858: an anonymous researcher

**IOKit**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: An application may be able to execute arbitrary code with system privileges

Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2017-13847: Ian Beer of Google Project Zero

**IOKit**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7162: Tencent Keen Security Lab (@keen\_lab) working with Trend Micro's Zero Day Initiative

Entry updated January 10, 2018

**Kernel**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13904: Kevin Backhouse of Semmle Ltd.

Entry added February 14, 2018

**Kernel**

Available for: macOS High Sierra 10.13.1

Impact: An application may be able to read kernel memory (Meltdown)

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

CVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)

Entry updated January 5, 2018

**Kernel**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13862: Apple

CVE-2017-13867: Ian Beer of Google Project Zero

Entry updated December 21, 2017 

**Kernel**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: An application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2017-7173: Brandon Azad

Entry updated January 11, 2018

**Kernel**

Available for: macOS High Sierra 10.13.1

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13876: Ian Beer of Google Project Zero

**Kernel**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: An application may be able to read restricted memory

Description: A type confusion issue was addressed with improved memory handling.

CVE-2017-13855: Jann Horn of Google Project Zero

**Kernel**

Available for: macOS High Sierra 10.13.1

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2017-13865: Ian Beer of Google Project Zero

**Kernel**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2017-13868: Brandon Azad

CVE-2017-13869: Jann Horn of Google Project Zero

**Kernel**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation.

CVE-2017-7154: Jann Horn of Google Project Zero

Entry added December 21, 2017

**Mail**

Available for: macOS High Sierra 10.13.1

Impact: A S/MIME encrypted email may be inadvertently sent unencrypted if the receiver's S/MIME certificate is not installed

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2017-13871: Lukas Pitschl of GPGTools

Entry updated December 21, 2017

**Mail Drafts**

Available for: macOS High Sierra 10.13.1

Impact: An attacker with a privileged network position may be able to intercept mail

Description: An encryption issue existed with S/MIME credentials. The issue was addressed with additional checks and user control.

CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH

Entry updated January 10, 2018

**OpenSSL**

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: An application may be able to read restricted memory

Description: An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. This issue was addressed with improved bounds checking.

CVE-2017-3735: found by OSS-Fuzz

**Perl**

Available for: macOS Sierra 10.12.6

Impact: This bugs can allow remote attackers to cause a denial of service

Description: Public CVE-2017-12837 was addressed by updating the function in Perl 5.18

CVE-2017-12837: Jakub Wilk

Entry added October 18, 2018

**Screen Sharing Server**

Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.1

Impact: A user with screen sharing access may be able to access any file readable by root

Description: A permissions issue existed in the handling of screen sharing sessions. This issue was addressed with improved permissions handling.

CVE-2017-7158: Trevor Jacques of Toronto

Entry updated December 21, 2017

**SIP**

Available for: macOS High Sierra 10.13.1

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A configuration issue was addressed with additional restrictions.

CVE-2017-13911: Timothy Perfitt of Twocanoes Software

Entry updated August 8, 2018, updated September 25, 2018

**Wi-Fi**

Available for: macOS High Sierra 10.13.1

Impact: An unprivileged user may change Wi-Fi system parameters leading to denial of service

Description: An access issue existed with privileged Wi-Fi system configuration. This issue was addressed with additional restrictions.

CVE-2017-13886: David Kreitschmann and Matthias Schulz of Secure Mobile Networking Lab at TU Darmstadt

Entry added May 2, 2018

Tag

#apple