This could lead to remote code execution. This issue was fixed in macOS High Sierra 10.13.6, Security Update 2018-001 Sierra. An attacker could create a maliciously crafted app in the app store that would run at startup on your Mac. Macs with stock or third-party antivirus installed would not be able to scan such an app, allowing a remote attacker to execute arbitrary code in the kernel. This issue was addressed by rejecting app submissions from untrusted app stores. An app may be able to read uninitialized memory. This issue could lead to information disclosure. This issue was fixed in macOS High Sierra 10.13.6, Security Update 2018-005 Sierra. An attacker could create a maliciously crafted app in the app store that would read from an uninitialized memory location, allowing the attacker to obtain information about the running system. Macs with stock or third-party antivirus installed would not be able to scan such an app, allowing a remote attacker to read memory on the Mac. This issue was addressed by rejecting app submissions from untrusted app stores. An app may be able to perform arbitrary code execution with elevated privileges. This issue could lead to remote code execution. This issue was fixed in macOS High Sierra 10.13.6, Security Update 2018-006 Sierra. An attacker could create a maliciously crafted app in the app store that would run at startup on your Mac. Macs with stock or third-party antivirus installed would not be

Security Update 2018-005 Sierra - Improves macOS system stability and security

Security Update 2018-005 Sierra is a security update for macOS High Sierra 10.13.6, Security Update 2018-001 Sierra, and Security Update 2017-001 El Capitan 10.11.6. This update improves system stability and security by fixing several issues in the following components:
An app could read uninitialized memory from the kernel.
An app could be able to run at startup with elevated privileges.
A maliciously crafted app could be installed in the local Mac App Store that would read from an uninitialized memory location, allowing the attacker to obtain information about the running system.
A maliciously crafted app could be installed in the local Mac App Store that would read from an uninitialized memory location, allowing the attacker to execute arbitrary code in the kernel.

macOS High Sierra 10.13 - CVE-2018-4655

An app may be able to perform arbitrary code execution with elevated privileges. This issue was fixed in macOS High Sierra 10.13, Security Update 2018-012 Sierra

- How to prevent Facebook from running background tasks on your Mac
- How to prevent apps from running during startup on your Mac

Apple iOS Security Updates and CVEs

Apple iOS Security Updates and CVEs:
The following is a list of Apple iOS security updates.

Timeline

Published on: 08/24/2022 20:15:00 UTC
Last modified on: 08/29/2022 15:50:00 UTC

References