애플(Apple) iOS 11.4 보안 업데이트

IT & Security/모바일 (Android, iOS)

애플(Apple) iOS 11.4 보안 업데이트 - 35개의 취약점

la Nube 2018. 6. 4. 17:10

애플(Apple) iPhone 5s 및 이후 모델, iPad Air 및 이후 모델, iPod touch (6th generation) iOS의 새로운 기능 추가나 버그 수정 또는 보안 취약점 문제를 해결한 iOS 11.4 버전이 업데이트를 통해 배포되었습니다.

아울러 Windows 7 및 이후 버전에서 iTunes for Windows의 새로운 기능 추가나 버그 수정 또는 보안 취약점 문제를 해결한 iTunes 12.7.5 버전도 업데이트를 통해 배포되었습니다.

이번 iOS 업데이트에는 다음과 같은 35개의 보안 취약점에 대한 보안 패치가 포함되어 있습니다.

Bluetooth

- A malicious application may be able to elevate privileges

- CVE-2018-4215

Contacts

- Processing a maliciously crafted vcf file may lead to a denial of service

- CVE-2018-4100

FontParser

- Processing a maliciously crafted font file may lead to arbitrary code execution

- CVE-2018-4211

iBooks

- An attacker in a privileged network position may be able to spoof password prompts in iBooks

- CVE-2018-4202

Kernel

- An application may be able to execute arbitrary code with kernel privileges

- CVE-2018-4241

- CVE-2018-4243

Kernel

- An application may be able to execute arbitrary code with kernel privileges

- CVE-2018-4249

libxpc

- An application may be able to gain elevated privileges

- CVE-2018-4237

Magnifier

- A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lockscreen

- CVE-2018-4239

Mail

- An attacker may be able to exfiltrate the contents of S/MIME-encrypted e-mail

- CVE-2018-4227

Messages

- A local user may be able to conduct impersonation attacks

- CVE-2018-4235

Messages

- Processing a maliciously crafted message may lead to a denial of service

- CVE-2018-4240

- CVE-2018-4250

Safari

- A malicious website may be able to cause a denial of service

- CVE-2018-4247

Security

- Users may be tracked by malicious websites using client certificates

- CVE-2018-4221

Security

- A local user may be able to read a persistent account identifier

- CVE-2018-4223

Security

- A local user may be able to read a persistent device identifier

- CVE-2018-4224

Security

- A local user may be able to modify the state of the Keychain

- CVE-2018-4225

Security

- A local user may be able to view sensitive user information

- CVE-2018-4226

Siri

- A person with physical access to an iOS device may be able to enable Siri from the lock screen

- CVE-2018-4238

Siri

- A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen

- CVE-2018-4252

Siri Contacts

- An attacker with physical access to a device may be able to see private contact information

- CVE-2018-4244

UIKit

- Processing a maliciously crafted text file may lead to a denial of service

- CVE-2018-4198

WebKit

- Visiting a malicious website may lead to address bar spoofing

- CVE-2018-4188

WebKit