07-26-2018, 01:54 PM
|
#447
|
|
Junior Member
Join Date: May 2018
Posts: 9
|
Quote:
Originally Posted by displayhero
after having the latest updates installed and continually waiting for a solution for over 6 months now... I now have my screens back and running. I do not have airplay so I have had a screen sitting here doing nothing for that amount of time.
donluca you are a god amongst men. thanks for posting those... there is NOTHING in the new updates beyond 10.13.3 that is noticeable for me.
i am happy to remain on this until a solution comes out.. but even so i dont think ill risk updating again after what happened.
|
Not updating eh? That's not very smart. Here's some of the security updates you will be missing out on..........
AMD
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to determine kernel memory layout
Description: An information disclosure issue was addressed by removing the vulnerable code.
CVE-2018-4289: shrek_wzw of Qihoo 360 Nirvan Team
APFS
Available for: macOS High Sierra 10.13.5
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4268: Mac working with Trend Micro's Zero Day Initiative
ATS
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to gain root privileges
Description: A type confusion issue was addressed with improved memory handling.
CVE-2018-4285: Mohamed Ghannam (@_simo36)
Bluetooth
Available for: MacBook Pro (15-inch, 2018) and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports)
Other Mac models were addressed with macOS High Sierra 10.13.5.
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.
CVE-2018-5383: Lior Neumann and Eli Biham
Entry added July 23, 2018
CFNetwork
Available for: macOS High Sierra 10.13.5
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue was addressed with improved checks.
CVE-2018-4293: an anonymous researcher
CoreCrypto
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: A malicious application may be able to break out of its sandbox
Description: A memory corruption issue was addressed with improved input validation.
CVE-2018-4269: Abraham Masri (@cheesecakeufo)
DesktopServices
Available for: macOS Sierra 10.12.6
Impact: A local user may be able to view sensitive user information
Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation.
CVE-2018-4178: Arjen Hendrikse
IOGraphics
Available for: macOS High Sierra 10.13.5
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
CVE-2018-4283: @panicaII working with Trend Micro's Zero Day Initiative
Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5
Impact: Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel
Description: Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value.
An information disclosure issue was addressed with FP/SIMD register state sanitization.
CVE-2018-3665: Julian Stecklina of Amazon Germany, Thomas Prescher of Cyberus Technology GmbH (cyberus-technology.de), Zdenek Sojka of SYSGO AG (sysgo.com), and Colin Percival
libxpc
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4280: Brandon Azad
libxpc
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2018-4248: Brandon Azad
LinkPresentation
Available for: macOS High Sierra 10.13.5
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)
|
|
|