| Bluetooth |
A malicious application may be able to elevate privileges |
A buffer overflow was addressed with improved size validation. |
CVE-2018-4215 |
| Contacts |
Processing a maliciously crafted vcf file may lead to a denial of service |
A validation issue existed in the handling of phone numbers. This issue was addressed with improved validation of phone numbers. |
CVE-2018-4100 |
| FontParser |
Processing a maliciously crafted font file may lead to arbitrary code execution |
A memory corruption issue was addressed with improved validation. |
CVE-2018-4211 |
| iBooks |
An attacker in a privileged network position may be able to spoof password prompts in iBooks |
An input validation issue was addressed with improved input validation. |
CVE-2018-4202 |
| Kernel |
An application may be able to execute arbitrary code with kernel privileges |
A buffer overflow was addressed with improved bounds checking. |
CVE-2018-4241,CVE-2018-4243 |
| Kernel |
An application may be able to execute arbitrary code with kernel privileges |
A memory corruption issue was addressed with improved memory handling. |
CVE-2018-4249 |
| libxpc |
An application may be able to gain elevated privileges |
A logic issue was addressed with improved validation. |
CVE-2018-4237 |
| Magnifier |
A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lockscreen |
A permissions issue existed in Magnifier. This was addressed with additional permission checks. |
CVE-2018-4239 |
| Mail |
E-Fail Vulnerability |
An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. |
CVE-2018-4227 |
| Messages |
A local user may be able to conduct impersonation attacks |
An injection issue was addressed with improved input validation. |
CVE-2018-4235 |
| Messages |
Processing a maliciously crafted message may lead to a denial of service |
This issue was addressed with improved message validation. |
CVE-2018-4240,CVE-2018-4250 |
| Safari |
A malicious website may be able to cause a denial of service |
A denial of service issue was addressed with improved validation. |
CVE-2018-4247 |
| Security |
Users may be tracked by malicious websites using client certificates |
An issue existed in the handling of S-MIME certificaties. This issue was addressed with improved validation of S-MIME certificates. |
CVE-2018-4221 |
| Security |
A local user may be able to read a persistent account identifier |
An authorization issue was addressed with improved state management. |
CVE-2018-4223 |
| Security |
A local user may be able to read a persistent device identifier |
An authorization issue was addressed with improved state management. |
CVE-2018-4224 |
| Security |
A local user may be able to modify the state of the Keychain |
An authorization issue was addressed with improved state management. |
CVE-2018-4225 |
| Security |
A local user may be able to view sensitive user information |
An authorization issue was addressed with improved state management. |
CVE-2018-4226 |
| Siri |
A person with physical access to an iOS device may be able to enable Siri from the lock screen |
An issue existed with Siri permissions. This was addressed with improved permission checking. |
CVE-2018-4238 |
| Siri |
A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen |
An issue existed with Siri permissions. This was addressed with improved permission checking. |
CVE-2018-4252 |
| Siri Contacts |
An attacker with physical access to a device may be able to see private contact information |
An issue existed with Siri permissions. This was addressed with improved permission checking. |
CVE-2018-4244 |
| UIKit |
Processing a maliciously crafted text file may lead to a denial of service |
A validation issue existed in the handling of text. This issue was addressed with improved validation of text. |
CVE-2018-4198 |
| WebKit |
Visiting a malicious website may lead to address bar spoofing |
An inconsistent user interface issue was addressed with improved state management. |
CVE-2018-4188 |
| WebKit |
Processing maliciously crafted web content may lead to arbitrary code execution |
Multiple memory corruption issues were addressed with improved memory handling. |
CVE-2018-4201,CVE-2018-4218,CVE-2018-4233 |
| WebKit |
Processing maliciously crafted web content may lead to arbitrary code execution |
A buffer overflow issue was addressed with improved memory handling. |
CVE-2018-4199 |
| WebKit |
Visiting a maliciously crafted website may lead to cookies being overwritten |
A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. |
CVE-2018-4232 |
| WebKit |
Processing maliciously crafted web content may lead to arbitrary code execution |
A race condition was addressed with improved locking. |
CVE-2018-4192 |
| WebKit |
Processing maliciously crafted web content may lead to an unexpected Safari crash |
A memory corruption issue was addressed with improved input validation. |
CVE-2018-4214 |
| WebKit |
Processing maliciously crafted web content may lead to arbitrary code execution |
A memory corruption issue was addressed with improved memory handling. |
CVE-2018-4204 |
| WebKit |
Processing maliciously crafted web content may lead to arbitrary code execution |
A type confusion issue was addressed with improved memory handling. |
CVE-2018-4246 |
| WebKit |
Visiting a maliciously crafted website may leak sensitive data |
Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. |
CVE-2018-4190 |
| WebKit |
Processing maliciously crafted web content may lead to arbitrary code execution |
An out-of-bounds read was addressed with improved input validation. |
CVE-2018-4222 |
https://www.sans.edu
