애플(Apple) iOS 11.3 보안 업데이트 - 44건의 보안 취약점

애플(Apple) iPhone 5s 및 이후 모델, iPad Air 및 이후 모델, iPod touch (6th generation) iOS의 새로운 기능 추가나 버그 수정 또는 보안 취약점 문제를 해결한 iOS 11.3 버전이 업데이트를 통해 배포되었습니다.

--

이번 업데이트에는 다음과 같은 44건의 보안 취약점에 대한 보안 패치가 포함되어 있습니다.

Clock

 - CVE-2018-4123

 - A person with physical access to an iOS device may be able to see the email address used for iTunes

CoreFoundation

 - CVE-2018-4155, CVE-2018-4158

 - An application may be able to gain elevated privileges

CoreText

 - CVE-2018-4142

 - Processing a maliciously crafted string may lead to a denial of service

File System Events

 - CVE-2018-4167

 - An application may be able to gain elevated privileges

Files Widget

 - CVE-2018-4168

 - File Widget may display contents on a locked device

Find My iPhone

 - CVE-2018-4172

 - A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password

iCloud Drive

 - CVE-2018-4151

 - An application may be able to gain elevated privileges

Kernel

 - CVE-2018-4150

 - A malicious application may be able to execute arbitrary code with kernel privileges

Kernel

 - CVE-2018-4104

 - An application may be able to read restricted memory

Kernel

 - CVE-2018-4143

 - An application may be able to execute arbitrary code with kernel privileges

Mail

 - CVE-2018-4174

 - An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail

NSURLSession

 - CVE-2018-4166

 - An application may be able to gain elevated privileges

PluginKit

 - CVE-2018-4156

 - An application may be able to gain elevated privileges

Quick Look

 - CVE-2018-4157

 - An application may be able to gain elevated privileges

Safari

 - CVE-2018-4134

 - Visiting a malicious website by clicking a link may lead to user interface spoofing

Safari Login AutoFill

 - CVE-2018-4137

 - A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction.

SafariViewController

 - CVE-2018-4149

 - Visiting a malicious website may lead to user interface spoofing

Security

 - CVE-2018-4144

 - A malicious application may be able to elevate privileges

Storage

 - CVE-2018-4154

 - An application may be able to gain elevated privileges

System Preferences

 - CVE-2018-4115

 - A configuration profile may incorrectly remain in effect after removal

Telephony

 - CVE-2018-4140

 - A remote attacker can cause a device to unexpectedly restart

Telephony

 - CVE-2018-4148

 - A remote attacker may be able to execute arbitrary code

Web App

 - CVE-2018-4110

 - Cookies may unexpectedly persist in web app

WebKit

 - CVE-2018-4101, CVE-2018-4114, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4121, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4130, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165

 - Processing maliciously crafted web content may lead to arbitrary code execution

WebKit

 - CVE-2018-4113

 - Unexpected interaction with indexing types causing an ASSERT failure

WebKit

 - CVE-2018-4146

 - Processing maliciously crafted web content may lead to a denial of service

WebKit

 - CVE-2018-4117

 - A malicious website may exfiltrate data cross-origin

WindowServer

 - CVE-2018-4131

 - An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled

자세한 업데이트 내역은 아래 링크의 Changelog 정보를 참고하기 바랍니다.

--

[영향을 받는 iOS 및 업데이트 버전]

□ Apple iOS

※ iOS 11.2.6 및 이하 버전 → iOS 11.3 버전으로 업데이트

※ https://support.apple.com/en-us/HT208693

--

그러므로 iOS 사용자는 다음을 확인하여 최신버전으로 업데이트할 것을 권고합니다.

iPhone, iPad 또는 iPod touch 업데이트하기 : https://support.apple.com/ko-kr/HT204204

'무선으로 기기 업데이트하기'보다는 'iTunes를 사용하여 기기 업데이트하기'를 권장합니다.

"여러분의 아이폰은 안전한가요?"