Apple Fixes a Bunch of Security Flaws with iOS 11.3, Including a Bug That Allows Apps to Log Keystrokes

Clock

Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes

Description: An information disclosure issue existed in the handling of alarms and timers. This issue was addressed through improved access restrictions.

CoreFoundation

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

CoreText

Impact: Processing a maliciously crafted string may lead to a denial of service

Description: A denial of service issue was addressed through improved memory handling.

File System Events

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

Files Widget

Impact: File Widget may display contents on a locked device

Description: The File Widget was displaying cached data when in the locked state. This issue was addressed with improved state management.

Find My iPhone

Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password

Description: A state management issue existed when restoring from a backup. This issue was addressed through improved state checking during restore.

iCloud Drive

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

Kernel

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple memory corruption issues were addressed with improved memory handling.

Kernel

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

Kernel

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

Mail

Impact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail

Description: An inconsistent user interface issue was addressed with improved state management.

NSURLSession

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

PluginKit

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

Quick Look

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

Safari

Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

Safari Login AutoFill

Impact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction.

Description: Safari autofill did not require explicit user interaction before taking place. The issue was addressed through improved autofill heuristics.

SafariViewController

Impact: Visiting a malicious website may lead to user interface spoofing

Description: A state management issue was addressed by disabling text input until the destination page loads.

Security

Impact: A malicious application may be able to elevate privileges

Description: A buffer overflow was addressed with improved size validation.

Storage

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

System Preferences

Impact: A configuration profile may incorrectly remain in effect after removal

Description: An issue existed in CFPreferences. This issue was addressed through improved preferences cleanup.

Telephony

Impact: A remote attacker can cause a device to unexpectedly restart

Description: A null pointer dereference issue existed when handling Class 0 SMS messages. This issue was addressed through improved message validation.

Web App

Impact: Cookies may unexpectedly persist in web app

Description: A cookie management issue was addressed through improved state management.

WebKit

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

WebKit

Impact: Unexpected interaction with indexing types causing an ASSERT failure

Description: An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed through improved checks.

WebKit

Impact: Processing maliciously crafted web content may lead to a denial of service

Description: A memory corruption issue was addressed through improved input validation.

WebKit

Impact: A malicious website may exfiltrate data cross-origin

Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.

WindowServer

Impact: An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled

Description: By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management.