Security News

CVE-2018-4162

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Categories: Security News

CVE-2018-4163

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Categories: Security News

CVE-2018-4164

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component.
Categories: Security News

CVE-2018-4165

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Categories: Security News

CVE-2018-4166

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
Categories: Security News

CVE-2018-4167

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
Categories: Security News

CVE-2018-4168

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device.
Categories: Security News

CVE-2018-4170

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution.
Categories: Security News

CVE-2018-4172

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving a backup restore.
Categories: Security News

CVE-2018-4133

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Categories: Security News

CVE-2018-4134

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the user interface via a crafted web site.
Categories: Security News

CVE-2018-4135

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Categories: Security News

CVE-2018-4136

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
Categories: Security News

CVE-2018-4137

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.
Categories: Security News

CVE-2018-4138

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Categories: Security News

CVE-2018-4139

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Categories: Security News

CVE-2018-4140

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message.
Categories: Security News

CVE-2018-4142

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted string.
Categories: Security News

CVE-2018-4143

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Categories: Security News

CVE-2018-4144

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Security" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
Categories: Security News

Pages