Security Vulnerabilities - CVEs Published In April 2018
Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation.
CVSS Score
7.0
EPSS Score
0.017
Published
2018-04-03
remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution.
CVSS Score
7.2
EPSS Score
0.01
Published
2018-04-03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.
CVSS Score
5.9
EPSS Score
0.008
Published
2018-04-03
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-04-03
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Images" component. It allows attackers to trigger an app launch upon mounting a crafted disk image.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-04-03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS Score
7.0
EPSS Score
0.002
Published
2018-04-03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS Score
7.0
EPSS Score
0.002
Published
2018-04-03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS Score
7.0
EPSS Score
0.002
Published
2018-04-03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS Score
7.0
EPSS Score
0.002
Published
2018-04-03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS Score
7.0
EPSS Score
0.002
Published
2018-04-03