Along with the security updates, the tech giant also released macOS Sierra 10.13.3, iOS 11.2.5, tvOS 11.2.5, and watchOS 4.2.2 as full operating system suites, plus the remaining security updates for iTunes, iCloud for Windows, and Safari for OS X El Capitan and macOS High Sierra.
Earlier, Apple had released a fix for Meltdown, a vulnerability that allowed an attacker to access protected kernel memory. The fix was supposed to address security vulnerabilities only on newer Macs, but Apple released an update for older versions of macOS as well.
The Spectre vulnerabilities were mitigated earlier in January, and the mitigation had a negligible effect on the Speedometer and ARES-6 tests. Prior to the updates, Apple’s decision to reserve the fixes for newer Macs drew criticism from customers, who said the company was forcing them to update their entire operating system in order to receive patches. Apart from Meltdown and Spectre, the updates also feature fixes for various other vulnerabilities.
While the updates seem to fix the Meltdown and Spectre vulnerabilities, researchers say the one true fix will be a hardware update, as these vulnerabilities are hardware-based and make use of the speculative execution mechanism of the CPU. The operating system updates implement software workarounds for the vulnerabilities.
The following CVEs lead to arbitrary code execution, so these are high-priority security updates and should be applied as soon as possible.
CVE-2018-4088, CVE-2018-4096, CVE-2018-4089, CVE-2018-4094, CVE-2018-4087, CVE-2018-4095, CVE-2018-4082, CVE-2018-4085, CVE-2018-4098, CVE-2018-4097
Apple Security Updates Summary:
- Product: macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, 2018-001 El Capitan
- Affected features: Audio, curl, IOHIDFamily, Kernel, LinkPresentation, QuartzCore, Sandbox, Security, WebKit, Wi-Fi
- Impact: Arbitrary Code Execution, out-of-bounds read issue, Meltdown, Denial-of-Service, incorrect application of certificate constraints
- CVE: CVE-2018-4094, CVE-2017-8817, CVE-2018-4098, CVE-2017-5754, CVE-2018-4090, CVE-2018-4092, CVE-2018-4082, CVE-2018-4097, CVE-2018-4093, CVE-2018-4100, CVE-2018-4085, CVE-2018-4091, CVE-2018-4086, CVE-2018-4088, CVE-2018-4089, CVE-2018-4096, CVE-2018-4084
- Product: iOS 11.2.5
- Affected features: Audio, Core Bluetooth, Kernel, LinkPresentation, QuartzCore, Security, WebKit
- Impact: Arbitrary Code Execution, Denial-of-Service, incorrect application of certificate constraints
- CVE: CVE-2018-4094, CVE-2018-4087, CVE-2018-4095, CVE-2018-4090, CVE-2018-4092, CVE-2018-4082, CVE-2018-4093, CVE-2018-4100, CVE-2018-4085, CVE-2018-4086, CVE-2018-4088, CVE-2018-4089, CVE-2018-4096
- Product: tvOS 11.2.5
- Affected features: Audio, Core Bluetooth, Kernel, QuartzCore, Security, WebKit
- Impact: Arbitrary Code Execution, incorrect application of certificate constraints
- CVE: CVE-2018-4094, CVE-2018-4087, CVE-2018-4095, CVE-2018-4090, CVE-2018-4092, CVE-2018-4082, CVE-2018-4093, CVE-2018-4085, CVE-2018-4086, CVE-2018-4088, CVE-2018-4089, CVE-2018-4096
- Product: watchOS 4.2.2
- Affected features: Audio, Core Bluetooth, Kernel, LinkPresentation, QuartzCore, Security, WebKit
- Impact: Arbitrary Code Execution, incorrect application of certificate constraints
- CVE: CVE-2018-4094, CVE-2018-4087, CVE-2018-4095, CVE-2018-4090, CVE-2018-4092, CVE-2018-4082, CVE-2018-4093, CVE-2018-4100, CVE-2018-4085, CVE-2018-4086, CVE-2018-4088, CVE-2018-4096
- Product: Safari 11.0.3
- Affected OS: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.3
- Affected features: WebKit
- Impact: Arbitrary Code Execution
- CVE: CVE-2018-4088, CVE-2018-4089, CVE-2018-4096
- Product: iCloud
- Affected OS: Windows 7 and later
- Affected features: WebKit
- Impact: Arbitrary Code Execution
- CVE: CVE-2018-4088, CVE-2018-4096
- Product: iTunes 12.7.3 for Windows
- Affected OS: Windows 7 and later
- Affected features: WebKit
- Impact: Arbitrary Code Execution
- CVE: CVE-2018-4088, CVE-2018-4096
SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.