2018.json

[
    {
        "impact": "A malicious application may be able to elevate privileges", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A type confusion issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Airport", 
        "id": "CVE-2018-4303", 
        "credit": "Mohamed Ghannam (@_simo36)", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Disk Images", 
        "id": "CVE-2018-4427", 
        "credit": "Pangu Team", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "An attacker in a privileged position may be able to perform a denial of service attack", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A denial of service issue was addressed by removing the vulnerable code.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4460", 
        "credit": "Kevin Backhouse of Semmle Security Research Team", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "A local user may be able to read kernel memory", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A memory initialization issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4431", 
        "credit": "An independent security researcher has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A memory corruption issue was addressed with improved state management.", 
        "update": "December 18, 2018", 
        "module": "Kernel", 
        "id": "CVE-2018-4447", 
        "credit": "Juwei Lin(@panicaII) and Zhengyu Dong of TrendMicro Mobile Security Team working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "A malicious application may be able to elevate privileges", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A logic issue was addressed with improved restrictions.", 
        "update": "December 18, 2018", 
        "module": "Kernel", 
        "id": "CVE-2018-4435", 
        "credit": "Jann Horn of Google Project Zero, Juwei Lin(@panicaII) and Junzhi Lu of TrendMicro Mobile Security Team working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4461", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "Processing a maliciously crafted email may lead to user interface spoofing", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.", 
        "update": "", 
        "module": "LinkPresentation", 
        "id": "CVE-2018-4429", 
        "credit": "Victor Le Pochat of imec-DistriNet, KU Leuven", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "An untrusted configuration profile may be incorrectly displayed as verified", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A certificate validation issue existed in configuration profiles. This was addressed with additional checks.", 
        "update": "December 18, 2018", 
        "module": "Profiles", 
        "id": "CVE-2018-4436", 
        "credit": "James Seeley @Code4iOS, Joseph S. of JJS Securities", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple Watch Series 1 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4437", 
        "credit": "HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple Watch Series 1 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4464", 
        "credit": "HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4441", 
        "credit": "lokihardt of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4442", 
        "credit": "lokihardt of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4443", 
        "credit": "lokihardt of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A logic issue existed resulting in memory corruption. This was addressed with improved state management.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4438", 
        "credit": "lokihardt of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209343"
    }, 
    {
        "impact": "Visiting a malicious website may lead to address bar spoofing", 
        "available": "Windows 7 and later", 
        "description": "A logic issue was addressed with improved state management.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2018-4440", 
        "credit": "Wenxu Wu of Tencent Security Xuanwu Lab (xlab.tencent.com)", 
        "page": "https://support.apple.com/en-us/HT209346"
    }, 
    {
        "impact": "Visiting a malicious website may lead to user interface spoofing", 
        "available": "Windows 7 and later", 
        "description": "A logic issue was addressed with improved validation.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2018-4439", 
        "credit": "xisigr of Tencent's Xuanwu Lab (tencent.com)", 
        "page": "https://support.apple.com/en-us/HT209346"
    }, 
    {
        "impact": "A user may be unable to fully delete browsing history", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.1", 
        "description": "\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2018-4445", 
        "credit": "William Breuer", 
        "page": "https://support.apple.com/en-us/HT209344"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "macOS Sierra 10.12.6, macOS Mojave 10.14.1, macOS High Sierra 10.13.6", 
        "description": "A validation issue was addressed with improved input sanitization.", 
        "update": "December 21, 2018", 
        "module": "AMD", 
        "id": "CVE-2018-4462", 
        "credit": "cocoahuke, Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209341"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS Mojave 10.14.1", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Carbon Core", 
        "id": "CVE-2018-4463", 
        "credit": "Maksymilian Arciemowicz (cxsecurity.com)", 
        "page": "https://support.apple.com/en-us/HT209341"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.1", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Disk Images", 
        "id": "CVE-2018-4465", 
        "credit": "Pangu Team", 
        "page": "https://support.apple.com/en-us/HT209341"
    }, 
    {
        "impact": "A local user may be able to cause unexpected system termination or read kernel memory", 
        "available": "macOS Mojave 10.14.1", 
        "description": "An out-of-bounds read was addressed with improved input validation.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2018-4434", 
        "credit": "Zhuo Liang of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/en-us/HT209341"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.6", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "December 21, 2018", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2018-4456", 
        "credit": "Tyler Bohan of Cisco Talos", 
        "page": "https://support.apple.com/en-us/HT209341"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A memory initialization issue was addressed with improved memory handling.", 
        "update": "December 21, 2018", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2018-4421", 
        "credit": "Tyler Bohan of Cisco Talos", 
        "page": "https://support.apple.com/en-us/HT209341"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.1", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "WindowServer", 
        "id": "CVE-2018-4449", 
        "credit": "Hanqing Zhao, Yufeng Ruan and Kun Yang of Chaitin Security Research Lab", 
        "page": "https://support.apple.com/en-us/HT209341"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.1", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "WindowServer", 
        "id": "CVE-2018-4450", 
        "credit": "Hanqing Zhao, Yufeng Ruan and Kun Yang of Chaitin Security Research Lab", 
        "page": "https://support.apple.com/en-us/HT209341"
    }, 
    {
        "impact": "A local attacker may be able to view contacts from the lock screen", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.", 
        "update": "", 
        "module": "FaceTime", 
        "id": "CVE-2018-4430", 
        "credit": "videosdebarraquito", 
        "page": "https://support.apple.com/en-us/HT209340"
    }, 
    {
        "impact": "A malicious application may be able to learn information about the presence of other applications on the device", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "This issue was addressed with improved entitlements.", 
        "update": "", 
        "module": "File Provider", 
        "id": "CVE-2018-4446", 
        "credit": "Luke Deshotels, Jordan Beichler, and William Enck of North Carolina State University; Costin Caraba\u0219 and R\u0103zvan Deaconescu of University POLITEHNICA of Bucharest", 
        "page": "https://support.apple.com/en-us/HT209340"
    }, 
    {
        "impact": "Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14", 
        "description": "A logic issue was addressed with improved validation.", 
        "update": "", 
        "module": "Safari Reader", 
        "id": "CVE-2018-4374", 
        "credit": "Ryan Pickren (ryanpickren.com)", 
        "page": "https://support.apple.com/en-us/HT209196"
    }, 
    {
        "impact": "Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14", 
        "description": "A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.", 
        "update": "", 
        "module": "Safari Reader", 
        "id": "CVE-2018-4377", 
        "credit": "Ryan Pickren (ryanpickren.com)", 
        "page": "https://support.apple.com/en-us/HT209196"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4372", 
        "credit": "HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea", 
        "page": "https://support.apple.com/en-us/HT209196"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4373", 
        "credit": "ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209196"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4375", 
        "credit": "Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209196"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4376", 
        "credit": "010 working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209196"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4382", 
        "credit": "lokihardt of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209196"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4386", 
        "credit": "lokihardt of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209196"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4392", 
        "credit": "zhunki of 360 ESG Codesafe Team", 
        "page": "https://support.apple.com/en-us/HT209196"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4416", 
        "credit": "lokihardt of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209196"
    }, 
    {
        "impact": "A malicious website may be able to cause a denial of service", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14", 
        "description": "A resource exhaustion issue was addressed with improved input validation.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4409", 
        "credit": "Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH", 
        "page": "https://support.apple.com/en-us/HT209196"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to code execution", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14", 
        "description": "A memory corruption issue was addressed with improved validation.", 
        "update": "November 16, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4378", 
        "credit": "HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team", 
        "page": "https://support.apple.com/en-us/HT209196"
    }, 
    {
        "impact": "An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers", 
        "available": "Windows 7 and later", 
        "description": "An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.", 
        "update": "", 
        "module": "CoreCrypto", 
        "id": "CVE-2018-4398", 
        "credit": "Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum", 
        "page": "https://support.apple.com/en-us/HT209198"
    }, 
    {
        "impact": "Processing a maliciously crafted string may lead to heap corruption", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "December 18, 2018", 
        "module": "ICU", 
        "id": "CVE-2018-4394", 
        "credit": "Erik Verbruggen of The Qt Company", 
        "page": "https://support.apple.com/en-us/HT209197"
    }, 
    {
        "impact": "A malicious application may be able to elevate privileges", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "", 
        "module": "AppleAVD", 
        "id": "CVE-2018-4384", 
        "credit": "Natalie Silvanovich of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209195"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "Apple Watch Series 1 and later", 
        "description": "An out-of-bounds read was addressed with improved input validation.", 
        "update": "", 
        "module": "IPSec", 
        "id": "CVE-2018-4371", 
        "credit": "Tim Michaud (@TimGMichaud) of Leviathan Security Group", 
        "page": "https://support.apple.com/en-us/HT209195"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A memory corruption issue was addressed by removing the vulnerable code.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4420", 
        "credit": "Mohamed Ghannam (@_simo36)", 
        "page": "https://support.apple.com/en-us/HT209195"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A memory initialization issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4413", 
        "credit": "Juwei Lin (@panicaII) of TrendMicro Mobile Security Team", 
        "page": "https://support.apple.com/en-us/HT209195"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4419", 
        "credit": "Mohamed Ghannam (@_simo36)", 
        "page": "https://support.apple.com/en-us/HT209195"
    }, 
    {
        "impact": "Connecting to a VPN server may leak DNS queries to a DNS proxy", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A logic issue was addressed with improved state management.", 
        "update": "", 
        "module": "NetworkExtension", 
        "id": "CVE-2018-4369", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT209195"
    }, 
    {
        "impact": "Processing a maliciously crafted S/MIME signed message may lead to a denial of service", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A validation issue was addressed with improved logic.", 
        "update": "", 
        "module": "Security", 
        "id": "CVE-2018-4400", 
        "credit": "Yukinobu Nagayasu of LAC Co., Ltd.", 
        "page": "https://support.apple.com/en-us/HT209195"
    }, 
    {
        "impact": "An attacker in a privileged position may be able to perform a denial of service attack", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A denial of service issue was addressed with improved validation.", 
        "update": "", 
        "module": "WiFi", 
        "id": "CVE-2018-4368", 
        "credit": "Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt", 
        "page": "https://support.apple.com/en-us/HT209195"
    }, 
    {
        "impact": "Processing a maliciously crafted vcf file may lead to a denial of service", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "An out-of-bounds read was addressed with improved bounds checking.", 
        "update": "", 
        "module": "Contacts", 
        "id": "CVE-2018-4365", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT209192"
    }, 
    {
        "impact": "A remote attacker may be able to leak memory", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "", 
        "module": "FaceTime", 
        "id": "CVE-2018-4366", 
        "credit": "Natalie Silvanovich of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209192"
    }, 
    {
        "impact": "A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "", 
        "module": "FaceTime", 
        "id": "CVE-2018-4367", 
        "credit": "Natalie Silvanovich of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209192"
    }, 
    {
        "impact": "Processing a maliciously crafted text message may lead to UI spoofing", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "An inconsistent user interface issue was addressed with improved state management.", 
        "update": "", 
        "module": "Messages", 
        "id": "CVE-2018-4390", 
        "credit": "Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter", 
        "page": "https://support.apple.com/en-us/HT209192"
    }, 
    {
        "impact": "Processing a maliciously crafted text message may lead to UI spoofing", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "An inconsistent user interface issue was addressed with improved state management.", 
        "update": "", 
        "module": "Messages", 
        "id": "CVE-2018-4391", 
        "credit": "Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter", 
        "page": "https://support.apple.com/en-us/HT209192"
    }, 
    {
        "impact": "A local attacker may be able to share items from the lock screen", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.", 
        "update": "November 16, 2018", 
        "module": "Notes", 
        "id": "CVE-2018-4388", 
        "credit": "videosdebarraquito", 
        "page": "https://support.apple.com/en-us/HT209192"
    }, 
    {
        "impact": "A local attacker may be able to view photos from the lock screen", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management.", 
        "update": "", 
        "module": "VoiceOver", 
        "id": "CVE-2018-4387", 
        "credit": "videosdebarraquito", 
        "page": "https://support.apple.com/en-us/HT209192"
    }, 
    {
        "impact": "Visiting a malicious website may lead to address bar spoofing", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A logic issue was addressed with improved state management.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4385", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT209192"
    }, 
    {
        "impact": "A remote attacker may be able to attack AFP servers through HTTP clients", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "An input validation issue was addressed with improved input validation.", 
        "update": "", 
        "module": "afpserver", 
        "id": "CVE-2018-4295", 
        "credit": "Jianjun Chen (@whucjj) from Tsinghua University and UC Berkeley", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "", 
        "module": "AppleGraphicsControl", 
        "id": "CVE-2018-4410", 
        "credit": "an anonymous researcher working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "macOS High Sierra 10.13.6", 
        "description": "A validation issue was addressed with improved input sanitization.", 
        "update": "", 
        "module": "AppleGraphicsControl", 
        "id": "CVE-2018-4417", 
        "credit": "Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Multiple buffer overflow issues existed in Perl", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Perl were addressed with improved memory handling.", 
        "update": "December 21, 2018", 
        "module": "APR", 
        "id": "CVE-2017-12613", 
        "credit": "Craig Young of Tripwire VERT", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Multiple buffer overflow issues existed in Perl", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Perl were addressed with improved memory handling.", 
        "update": "December 21, 2018", 
        "module": "APR", 
        "id": "CVE-2017-12618", 
        "credit": "Craig Young of Tripwire VERT", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A malicious application may be able to elevate privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "", 
        "module": "ATS", 
        "id": "CVE-2018-4411", 
        "credit": "lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "An out-of-bounds read was addressed with improved bounds checking.", 
        "update": "", 
        "module": "ATS", 
        "id": "CVE-2018-4308", 
        "credit": "Mohamed Ghannam (@_simo36)", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "CFNetwork", 
        "id": "CVE-2018-4126", 
        "credit": "Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "CoreAnimation", 
        "id": "CVE-2018-4415", 
        "credit": "Liang Zhuo working with Beyond Security\u2019s SecuriTeam Secure Disclosure", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A malicious application may be able to elevate privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "", 
        "module": "CoreFoundation", 
        "id": "CVE-2018-4412", 
        "credit": "The UK's National Cyber Security Centre (NCSC)", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "An injection issue was addressed with improved validation.", 
        "update": "", 
        "module": "CUPS", 
        "id": "CVE-2018-4153", 
        "credit": "Michael Hanselmann of hansmi.ch", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An attacker in a privileged position may be able to perform a denial of service attack", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A denial of service issue was addressed with improved validation.", 
        "update": "", 
        "module": "CUPS", 
        "id": "CVE-2018-4406", 
        "credit": "Michael Hanselmann of hansmi.ch", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Parsing a maliciously crafted dictionary file may lead to disclosure of user information", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A validation issue existed which allowed local file access. This was addressed with input sanitization.", 
        "update": "", 
        "module": "Dictionary", 
        "id": "CVE-2018-4346", 
        "credit": "Wojciech Regu\u0142a (@_r3ggi) of SecuRing", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A malicious application may be able to access restricted files", 
        "available": "macOS Mojave 10.14", 
        "description": "This issue was addressed by removing additional entitlements.", 
        "update": "", 
        "module": "Dock", 
        "id": "CVE-2018-4403", 
        "credit": "Patrick Wardle of Digita Security", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A malicious application may be able to elevate privileges", 
        "available": "macOS High Sierra 10.13.6, macOS Mojave 10.14, macOS Sierra 10.12.6", 
        "description": "A logic issue was addressed with improved validation.", 
        "update": "November 16, 2018", 
        "module": "dyld", 
        "id": "CVE-2018-4423", 
        "credit": "Youfu Zhang of Chaitin Security Research Lab (@ChaitinTech)", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis", 
        "available": "macOS High Sierra 10.13.6", 
        "description": "An information disclosure issue was addressed with a microcode update. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel.", 
        "update": "", 
        "module": "EFI", 
        "id": "CVE-2018-3639", 
        "credit": "Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC)", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A local user may be able to modify protected parts of the file system", 
        "available": "macOS High Sierra 10.13.6, macOS Mojave 10.14", 
        "description": "A configuration issue was addressed with additional restrictions.", 
        "update": "", 
        "module": "EFI", 
        "id": "CVE-2018-4342", 
        "credit": "Timothy Perfitt of Twocanoes Software", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Processing a maliciously crafted text file may lead to a denial of service", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A denial of service issue was addressed with improved validation.", 
        "update": "", 
        "module": "Foundation", 
        "id": "CVE-2018-4304", 
        "credit": "jianan.huang (@Sevck)", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS High Sierra 10.13.6", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Grand Central Dispatch", 
        "id": "CVE-2018-4426", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Heimdal", 
        "id": "CVE-2018-4331", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "An information disclosure issue was addressed by flushing the L1 data cache at the virtual machine entry.", 
        "update": "", 
        "module": "Hypervisor", 
        "id": "CVE-2018-3646", 
        "credit": "Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.6", 
        "description": "A memory corruption vulnerability was addressed with improved locking.", 
        "update": "", 
        "module": "Hypervisor", 
        "id": "CVE-2018-4242", 
        "credit": "Zhuo Liang of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS Sierra 10.12.6", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2018-4334", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "macOS High Sierra 10.13.6", 
        "description": "A validation issue was addressed with improved input sanitization.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2018-4396", 
        "credit": "Yu Wang of Didi Research America", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "macOS High Sierra 10.13.6", 
        "description": "A validation issue was addressed with improved input sanitization.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2018-4418", 
        "credit": "Yu Wang of Didi Research America", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS High Sierra 10.13.6", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2018-4350", 
        "credit": "Yu Wang of Didi Research America", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "IOGraphics", 
        "id": "CVE-2018-4422", 
        "credit": "an anonymous researcher working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A memory corruption issue was addressed with improved input validation", 
        "update": "", 
        "module": "IOHIDFamily", 
        "id": "CVE-2018-4408", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "IOKit", 
        "id": "CVE-2018-4402", 
        "credit": "Proteas of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A malicious application may be able to break out of its sandbox", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "IOKit", 
        "id": "CVE-2018-4341", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A malicious application may be able to break out of its sandbox", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "IOKit", 
        "id": "CVE-2018-4354", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "IOUserEthernet", 
        "id": "CVE-2018-4401", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A malicious application may be able to leak sensitive user information", 
        "available": "macOS High Sierra 10.13.6", 
        "description": "An access issue existed with privileged API calls. This issue was addressed with additional restrictions.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4399", 
        "credit": "Fabiano Anemone (@anoane)", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4340", 
        "credit": "Mohamed Ghannam (@_simo36)", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4425", 
        "credit": "cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4259", 
        "credit": "Kevin Backhouse of Semmle and LGTM.com", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4286", 
        "credit": "Kevin Backhouse of Semmle and LGTM.com", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4287", 
        "credit": "Kevin Backhouse of Semmle and LGTM.com", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4288", 
        "credit": "Kevin Backhouse of Semmle and LGTM.com", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4291", 
        "credit": "Kevin Backhouse of Semmle and LGTM.com", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to execute arbitrary code", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A memory corruption issue was addressed with improved validation.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4407", 
        "credit": "Kevin Backhouse of Semmle Ltd.", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Mojave 10.14", 
        "description": "A buffer overflow was addressed with improved size validation.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4424", 
        "credit": "Dr. Silvio Cesare of InfoSect", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A local user may be able to cause a denial of service", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A validation issue was addressed with improved logic.", 
        "update": "", 
        "module": "Login Window", 
        "id": "CVE-2018-4348", 
        "credit": "Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Processing a maliciously crafted mail message may lead to UI spoofing", 
        "available": "macOS Mojave 10.14", 
        "description": "An inconsistent user interface issue was addressed with improved state management.", 
        "update": "", 
        "module": "Mail", 
        "id": "CVE-2018-4389", 
        "credit": "Dropbox Offensive Security Team, Theodor Ragnar Gislason of Syndis", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "mDNSOffloadUserClient", 
        "id": "CVE-2018-4326", 
        "credit": "an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A sandboxed process may be able to circumvent sandbox restrictions", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "An access issue was addressed with additional sandbox restrictions.", 
        "update": "", 
        "module": "MediaRemote", 
        "id": "CVE-2018-4310", 
        "credit": "CodeColorist of Ant-Financial LightYear Labs", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14", 
        "description": "An information disclosure issue was addressed with a microcode update. This ensures that implementation specific system registers cannot be leaked via a speculative execution side-channel.", 
        "update": "", 
        "module": "Microcode", 
        "id": "CVE-2018-3640", 
        "credit": "Innokentiy Sennovskiy from BiZone LLC (bi.zone), Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (sysgo.com)", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "Multiple buffer overflow issues existed in Perl", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Perl were addressed with improved memory handling.", 
        "update": "", 
        "module": "Perl", 
        "id": "CVE-2018-6797", 
        "credit": "Brian Carpenter", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Ruby were addressed in this update.", 
        "update": "", 
        "module": "Ruby", 
        "id": "CVE-2017-0898", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Ruby were addressed in this update.", 
        "update": "", 
        "module": "Ruby", 
        "id": "CVE-2017-10784", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Ruby were addressed in this update.", 
        "update": "", 
        "module": "Ruby", 
        "id": "CVE-2017-14033", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Ruby were addressed in this update.", 
        "update": "", 
        "module": "Ruby", 
        "id": "CVE-2017-14064", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Ruby were addressed in this update.", 
        "update": "", 
        "module": "Ruby", 
        "id": "CVE-2017-17405", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Ruby were addressed in this update.", 
        "update": "", 
        "module": "Ruby", 
        "id": "CVE-2017-17742", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Ruby were addressed in this update.", 
        "update": "", 
        "module": "Ruby", 
        "id": "CVE-2018-6914", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Ruby were addressed in this update.", 
        "update": "", 
        "module": "Ruby", 
        "id": "CVE-2018-8777", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Ruby were addressed in this update.", 
        "update": "", 
        "module": "Ruby", 
        "id": "CVE-2018-8778", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Ruby were addressed in this update.", 
        "update": "", 
        "module": "Ruby", 
        "id": "CVE-2018-8779", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.6", 
        "description": "Multiple issues in Ruby were addressed in this update.", 
        "update": "", 
        "module": "Ruby", 
        "id": "CVE-2018-8780", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "A local user may be able to cause a denial of service", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "This issue was addressed with improved checks.", 
        "update": "", 
        "module": "Security", 
        "id": "CVE-2018-4395", 
        "credit": "Patrick Wardle of Digita Security", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Spotlight", 
        "id": "CVE-2018-4393", 
        "credit": "Lufeng Li", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6", 
        "description": "An out-of-bounds read was addressed with improved bounds checking.", 
        "update": "", 
        "module": "Symptom Framework", 
        "id": "CVE-2018-4203", 
        "credit": "Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209193"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "October 30, 2018", 
        "module": "CoreFoundation", 
        "id": "CVE-2018-4414", 
        "credit": "The UK's National Cyber Security Centre (NCSC)", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing a maliciously crafted text file may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A use after free issue was addressed with improved memory management.", 
        "update": "October 30, 2018, updated December 18, 2018", 
        "module": "CoreText", 
        "id": "CVE-2018-4347", 
        "credit": "Vasyl Tkachuk of Readdle", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Unexpected interaction causes an ASSERT failure", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed with improved validation.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4191", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Cross-origin SecurityErrors includes the accessed frame\u2019s origin", 
        "available": "Windows 7 and later", 
        "description": "The issue was addressed by removing origin information.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4311", 
        "credit": "Erling Alf Ellingsen (@steike)", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed with improved state management.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4316", 
        "credit": "crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "October 24, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4299", 
        "credit": "Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "October 24, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4323", 
        "credit": "Ivan Fratric of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "October 24, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4328", 
        "credit": "Ivan Fratric of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "October 24, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4358", 
        "credit": "@phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "October 24, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4359", 
        "credit": "Samuel Gro\u00df (@5aelo)", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "October 24, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4360", 
        "credit": "William Bowling (@wcbowling)", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "A malicious website may cause unexepected cross-origin behavior", 
        "available": "Windows 7 and later", 
        "description": "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4319", 
        "credit": "John Pettitt of Google", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "A malicious website may be able to execute scripts in the context of another website", 
        "available": "Windows 7 and later", 
        "description": "A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4309", 
        "credit": "an anonymous researcher working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A use after free issue was addressed with improved memory management.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4197", 
        "credit": "Ivan Fratric of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A use after free issue was addressed with improved memory management.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4306", 
        "credit": "Ivan Fratric of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A use after free issue was addressed with improved memory management.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4312", 
        "credit": "Ivan Fratric of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A use after free issue was addressed with improved memory management.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4314", 
        "credit": "Ivan Fratric of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A use after free issue was addressed with improved memory management.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4315", 
        "credit": "Ivan Fratric of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A use after free issue was addressed with improved memory management.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4317", 
        "credit": "Ivan Fratric of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A use after free issue was addressed with improved memory management.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4318", 
        "credit": "Ivan Fratric of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "A malicious website may exfiltrate image data cross-origin", 
        "available": "Windows 7 and later", 
        "description": "A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.", 
        "update": "December 18, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4345", 
        "credit": "Jun Kokatsu (@shhnjk)", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "Unexpected interaction causes an ASSERT failure", 
        "available": "Windows 7 and later", 
        "description": "A memory consumption issue was addressed with improved memory handling.", 
        "update": "October 24, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4361", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT209141"
    }, 
    {
        "impact": "A local attacker may be able to view photos and contacts from the lock screen", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.", 
        "update": "", 
        "module": "VoiceOver", 
        "id": "CVE-2018-4380", 
        "credit": "videosdebarraquito", 
        "page": "https://support.apple.com/en-us/HT209162"
    }, 
    {
        "impact": "A local attacker may be able to share items from the lock screen", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.", 
        "update": "", 
        "module": "Quick Look", 
        "id": "CVE-2018-4379", 
        "credit": "videosdebarraquito", 
        "page": "https://support.apple.com/en-us/HT209162"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to intercept Bluetooth traffic", 
        "available": "iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012), iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac (Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015), Mac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012), Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro (Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air (13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air (13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air (13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air (13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro (15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013), MacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina, 13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013)", 
        "description": "An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.", 
        "update": "", 
        "module": "Bluetooth", 
        "id": "CVE-2018-5383", 
        "credit": "Lior Neumann and Eli Biham", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "A malicious application may be able to determine the Apple ID of the owner of the computer", 
        "available": "", 
        "description": "A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls.", 
        "update": "", 
        "module": "App Store", 
        "id": "CVE-2018-4324", 
        "credit": "Sergii Kryvoblotskyi of MacPaw Inc.", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "A sandboxed process may be able to circumvent sandbox restrictions", 
        "available": "", 
        "description": "A configuration issue was addressed with additional restrictions.", 
        "update": "October 30, 2018", 
        "module": "Application Firewall", 
        "id": "CVE-2018-4353", 
        "credit": "Abhinav Bansal of LinkedIn Inc.", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "A malicious application may be able to access local users AppleIDs", 
        "available": "", 
        "description": "A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.", 
        "update": "", 
        "module": "Auto Unlock", 
        "id": "CVE-2018-4321", 
        "credit": "Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "", 
        "description": "A validation issue was addressed with improved input sanitization.", 
        "update": "", 
        "module": "Crash Reporter", 
        "id": "CVE-2018-4333", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "October 30, 2018", 
        "module": "Heimdal", 
        "id": "CVE-2018-4332", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "October 30, 2018", 
        "module": "Heimdal", 
        "id": "CVE-2018-4343", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "Parsing a maliciously crafted iBooks file may lead to disclosure of user information", 
        "available": "", 
        "description": "A configuration issue was addressed with additional restrictions.", 
        "update": "October 30, 2018", 
        "module": "iBooks", 
        "id": "CVE-2018-4355", 
        "credit": "evi1m0 of bilibili security team", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "", 
        "description": "A memory initialization issue was addressed with improved memory handling.", 
        "update": "October 30, 2018", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2018-4351", 
        "credit": "Appology Team @ Theori working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "", 
        "description": "A memory corruption issue was addressed with improved state management.", 
        "update": "October 30, 2018", 
        "module": "IOKit", 
        "id": "CVE-2018-4383", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "October 30, 2018", 
        "module": "Kernel", 
        "id": "CVE-2018-4336", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "October 30, 2018", 
        "module": "Kernel", 
        "id": "CVE-2018-4337", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "October 30, 2018", 
        "module": "Kernel", 
        "id": "CVE-2018-4344", 
        "credit": "The UK's National Cyber Security Centre (NCSC)", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "Multiple issues in libressl were addressed in this update", 
        "available": "", 
        "description": "Multiple issues were addressed by updating to libressl version 2.6.4.", 
        "update": "October 30, 2018, updated December 13, 2018", 
        "module": "LibreSSL", 
        "id": "CVE-2015-3194", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "Multiple issues in libressl were addressed in this update", 
        "available": "", 
        "description": "Multiple issues were addressed by updating to libressl version 2.6.4.", 
        "update": "October 30, 2018, updated December 13, 2018", 
        "module": "LibreSSL", 
        "id": "CVE-2015-5333", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "Multiple issues in libressl were addressed in this update", 
        "available": "", 
        "description": "Multiple issues were addressed by updating to libressl version 2.6.4.", 
        "update": "October 30, 2018, updated December 13, 2018", 
        "module": "LibreSSL", 
        "id": "CVE-2015-5334", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "Multiple issues in libressl were addressed in this update", 
        "available": "", 
        "description": "Multiple issues were addressed by updating to libressl version 2.6.4.", 
        "update": "October 30, 2018, updated December 13, 2018", 
        "module": "LibreSSL", 
        "id": "CVE-2016-0702", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm", 
        "available": "", 
        "description": "This issue was addressed by removing RC4.", 
        "update": "", 
        "module": "Security", 
        "id": "CVE-2016-1777", 
        "credit": "Pepi Zawodsky", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "", 
        "description": "A validation issue was addressed with improved input sanitization.", 
        "update": "October 23, 2018", 
        "module": "Wi-Fi", 
        "id": "CVE-2018-4338", 
        "credit": "Lee @ SECLAB, Yonsei University working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT209139"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.6 or later", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "October 24, 2018", 
        "module": "LLVM", 
        "id": "CVE-2018-4357", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT209135"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to intercept analytics data sent to Apple", 
        "available": "iOS 11.0 and later", 
        "description": "Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS.", 
        "update": "", 
        "module": "Analytics", 
        "id": "CVE-2018-4397", 
        "credit": "Yi\u011fit Can YILMAZ (@yilmazcanyigit)", 
        "page": "https://support.apple.com/en-us/HT209117"
    }, 
    {
        "impact": "A malicious website may be able to exfiltrate autofilled data in Safari", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14", 
        "description": "A logic issue was addressed with improved state management.", 
        "update": "September 24, 2018", 
        "module": "Safari", 
        "id": "CVE-2018-4307", 
        "credit": "Rafay Baloch of Pakistan Telecommunications Authority", 
        "page": "https://support.apple.com/en-us/HT209109"
    }, 
    {
        "impact": "A user may be unable to delete browsing history items", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14", 
        "description": "Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.", 
        "update": "September 24, 2018", 
        "module": "Safari", 
        "id": "CVE-2018-4329", 
        "credit": "Hugo S. Diaz (coldpointblue)", 
        "page": "https://support.apple.com/en-us/HT209109"
    }, 
    {
        "impact": "Visiting a malicious website by clicking a link may lead to user interface spoofing", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14", 
        "description": "An inconsistent user interface issue was addressed with improved state management.", 
        "update": "September 24, 2018", 
        "module": "Safari", 
        "id": "CVE-2018-4195", 
        "credit": "xisigr of Tencent's Xuanwu Lab (www.tencent.com)", 
        "page": "https://support.apple.com/en-us/HT209109"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store", 
        "available": "Apple Watch Series 1 and later", 
        "description": "An input validation issue was addressed with improved input validation.", 
        "update": "", 
        "module": "iTunes Store", 
        "id": "CVE-2018-4305", 
        "credit": "Jerry Decime", 
        "page": "https://support.apple.com/en-us/HT209108"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "Apple Watch Series 1 and later", 
        "description": "An input validation issue existed in the kernel. This issue was addressed with improved input validation.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4363", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT209108"
    }, 
    {
        "impact": "A local user may be able to discover websites a user has visited", 
        "available": "Apple Watch Series 1 and later", 
        "description": "A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2018-4313", 
        "credit": "11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)", 
        "page": "https://support.apple.com/en-us/HT209108"
    }, 
    {
        "impact": "A local app may be able to read a persistent account identifier", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "This issue was addressed with improved entitlements.", 
        "update": "", 
        "module": "Accounts", 
        "id": "CVE-2018-4322", 
        "credit": "Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.", 
        "page": "https://support.apple.com/en-us/HT209106"
    }, 
    {
        "impact": "An app may be able to learn information about the current camera view before being granted camera access", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A permissions issue existed. This issue was addressed with improved permission validation.", 
        "update": "", 
        "module": "CoreMedia", 
        "id": "CVE-2018-4356", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT209106"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A validation issue was addressed with improved input sanitization.", 
        "update": "", 
        "module": "IOMobileFrameBuffer", 
        "id": "CVE-2018-4335", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/en-us/HT209106"
    }, 
    {
        "impact": "A local user may be able to discover a user\u2019s deleted notes", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions.", 
        "update": "October 30, 2018", 
        "module": "Notes", 
        "id": "CVE-2018-4352", 
        "credit": "Utku Altinkaynak", 
        "page": "https://support.apple.com/en-us/HT209106"
    }, 
    {
        "impact": "Visiting a malicious website may lead to address bar spoofing", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "An inconsistent user interface issue was addressed with improved state management.", 
        "update": "", 
        "module": "SafariViewController", 
        "id": "CVE-2018-4362", 
        "credit": "Jun Kokatsu (@shhnjk)", 
        "page": "https://support.apple.com/en-us/HT209106"
    }, 
    {
        "impact": "A person with physical access to an iOS device may be able to determine the last used app from the lock screen", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A logic issue was addressed with improved restrictions.", 
        "update": "", 
        "module": "Status Bar", 
        "id": "CVE-2018-4325", 
        "credit": "Brian Adeloye", 
        "page": "https://support.apple.com/en-us/HT209106"
    }, 
    {
        "impact": "Cookies may unexpectedly persist in Safari", 
        "available": "Windows 7 and later", 
        "description": "A cookie management issue was addressed with improved checks.", 
        "update": "", 
        "module": "CFNetwork", 
        "id": "CVE-2018-4293", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected Safari crash", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4270", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "A malicious website may exfiltrate audio data cross-origin", 
        "available": "Windows 7 and later", 
        "description": "Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4278", 
        "credit": "Jun Kokatsu (@shhnjk)", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A type confusion issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4284", 
        "credit": "Found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "A malicious website may be able to cause a denial of service", 
        "available": "Windows 7 and later", 
        "description": "A race condition was addressed with additional validation.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4266", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4261", 
        "credit": "Omair working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4262", 
        "credit": "Mateusz Krzywicki working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4263", 
        "credit": "Arayz working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4264", 
        "credit": "found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4265", 
        "credit": "cc working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4267", 
        "credit": "Arayz of Pangu team working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4272", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected Safari crash", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved input validation.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4271", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected Safari crash", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved input validation.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4273", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "October 18, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4145", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208933"
    }, 
    {
        "impact": "A malicious application may be able to break out of its sandbox", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "October 24, 2018", 
        "module": "CoreCrypto", 
        "id": "CVE-2018-4269", 
        "credit": "Abraham Masri (@cheesecakeufo)", 
        "page": "https://support.apple.com/en-us/HT208932"
    }, 
    {
        "impact": "Visiting a malicious website may lead to address bar spoofing", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6", 
        "description": "An inconsistent user interface issue was addressed with improved state management.", 
        "update": "October 30, 2018", 
        "module": "Safari", 
        "id": "CVE-2018-4279", 
        "credit": "Ruilin Yang, Xu Taoyu (xia0yu.win)", 
        "page": "https://support.apple.com/en-us/HT208934"
    }, 
    {
        "impact": "Visiting a malicious website may lead to address bar spoofing", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6", 
        "description": "A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.", 
        "update": "October 30, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4274", 
        "credit": "Tomasz Bojarski", 
        "page": "https://support.apple.com/en-us/HT208934"
    }, 
    {
        "impact": "Visiting a malicious website may lead to address bar spoofing", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6", 
        "description": "An inconsistent user interface issue was addressed with improved state management.", 
        "update": "", 
        "module": "WebKit Page Loading", 
        "id": "CVE-2018-4260", 
        "credit": "xisigr of Tencent's Xuanwu Lab (tencent.com)", 
        "page": "https://support.apple.com/en-us/HT208934"
    }, 
    {
        "impact": "A malicious application may be able to access local users AppleIDs", 
        "available": "macOS High Sierra 10.13.5", 
        "description": "A privacy issue in the handling of Open Directory records was addressed with improved indexing.", 
        "update": "December 10, 2018", 
        "module": "Accounts", 
        "id": "CVE-2018-4470", 
        "credit": "Jacob Greenfield of Commonwealth School", 
        "page": "https://support.apple.com/en-us/HT208937"
    }, 
    {
        "impact": "A malicious application may be able to determine kernel memory layout", 
        "available": "macOS High Sierra 10.13.5", 
        "description": "An information disclosure issue was addressed by removing the vulnerable code.", 
        "update": "", 
        "module": "AMD", 
        "id": "CVE-2018-4289", 
        "credit": "shrek_wzw of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/en-us/HT208937"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.5", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "APFS", 
        "id": "CVE-2018-4268", 
        "credit": "Mac working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208937"
    }, 
    {
        "impact": "A malicious application may be able to gain root privileges", 
        "available": "macOS High Sierra 10.13.5", 
        "description": "A type confusion issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "ATS", 
        "id": "CVE-2018-4285", 
        "credit": "Mohamed Ghannam (@_simo36)", 
        "page": "https://support.apple.com/en-us/HT208937"
    }, 
    {
        "impact": "An attacker in a privileged position may be able to perform a denial of service attack", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5", 
        "description": "A null pointer dereference was addressed with improved validation.", 
        "update": "September 25, 2018", 
        "module": "CUPS", 
        "id": "CVE-2018-4276", 
        "credit": "Jakub Jirasek of Secunia Research at Flexera", 
        "page": "https://support.apple.com/en-us/HT208937"
    }, 
    {
        "impact": "A local user may be able to view sensitive user information", 
        "available": "macOS Sierra 10.12.6", 
        "description": "A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation.", 
        "update": "", 
        "module": "DesktopServices", 
        "id": "CVE-2018-4178", 
        "credit": "Arjen Hendrikse", 
        "page": "https://support.apple.com/en-us/HT208937"
    }, 
    {
        "impact": "A local user may be able to read kernel memory", 
        "available": "macOS High Sierra 10.13.5", 
        "description": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.", 
        "update": "", 
        "module": "IOGraphics", 
        "id": "CVE-2018-4283", 
        "credit": "@panicaII working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208937"
    }, 
    {
        "impact": "Systems using Intel\u00ae Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5", 
        "description": "Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value. An information disclosure issue was addressed with FP/SIMD register state sanitization.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-3665", 
        "credit": "Julian Stecklina of Amazon Germany, Thomas Prescher of Cyberus Technology GmbH (cyberus-technology.de), Zdenek Sojka of SYSGO AG (sysgo.com), and Colin Percival", 
        "page": "https://support.apple.com/en-us/HT208937"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "libxpc", 
        "id": "CVE-2018-4280", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/en-us/HT208937"
    }, 
    {
        "impact": "A malicious application may be able to read restricted memory", 
        "available": "macOS High Sierra 10.13.5", 
        "description": "An out-of-bounds read was addressed with improved input validation.", 
        "update": "", 
        "module": "libxpc", 
        "id": "CVE-2018-4248", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/en-us/HT208937"
    }, 
    {
        "impact": "Visiting a malicious website may lead to address bar spoofing", 
        "available": "macOS High Sierra 10.13.5", 
        "description": "A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.", 
        "update": "", 
        "module": "LinkPresentation", 
        "id": "CVE-2018-4277", 
        "credit": "xisigr of Tencent's Xuanwu Lab (tencent.com)", 
        "page": "https://support.apple.com/en-us/HT208937"
    }, 
    {
        "impact": "Multiple buffer overflow issues existed in Perl", 
        "available": "macOS High Sierra 10.13.5", 
        "description": "Multiple issues in Perl were addressed with improved memory handling.", 
        "update": "October 30, 2018", 
        "module": "Perl", 
        "id": "CVE-2018-6913", 
        "credit": "GwanYeong Kim", 
        "page": "https://support.apple.com/en-us/HT208937"
    }, 
    {
        "impact": "Processing an emoji under certain configurations may lead to a denial of service", 
        "available": "All Apple Watch models", 
        "description": "A denial of service issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Emoji", 
        "id": "CVE-2018-4290", 
        "credit": "Patrick Wardle of Digita Security", 
        "page": "https://support.apple.com/en-us/HT208935"
    }, 
    {
        "impact": "A local user may be able to read kernel memory", 
        "available": "All Apple Watch models", 
        "description": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.", 
        "update": "November 16, 2018", 
        "module": "Kernel", 
        "id": "CVE-2018-4282", 
        "credit": "Adam Donenfeld (@doadam) of the Zimperium zLabs Team, Proteas of Qihoo 360 Nirvan Team, Valentin \"slashd\" Shilnenkov", 
        "page": "https://support.apple.com/en-us/HT208935"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "August 8, 2018", 
        "module": "Core Bluetooth", 
        "id": "CVE-2018-4327", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT208938"
    }, 
    {
        "impact": "A malicious application may be able to bypass the call confirmation prompt", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A logic issue existed in the handling of call URLs. This issue was addressed with improved state management.", 
        "update": "October 18, 2018", 
        "module": "Phone", 
        "id": "CVE-2018-4216", 
        "credit": "Abraham Masri (@cheesecakeufo)", 
        "page": "https://support.apple.com/en-us/HT208938"
    }, 
    {
        "impact": "A malicious application may be able to break out of its sandbox", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Wi-Fi", 
        "id": "CVE-2018-4275", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/en-us/HT208938"
    }, 
    {
        "impact": "An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)", 
        "available": "MacBook (Late 2009 and later), MacBook Pro (Mid 2010 and later), MacBook Air (Late 2010 and later), Mac mini (Mid 2010 and later), iMac (Late 2009 and later), and Mac Pro (Mid 2010 and later)", 
        "description": "A logic issue existed in the handling of state transitions. This was addressed with improved state management.", 
        "update": "", 
        "module": "Wi-Fi", 
        "id": "CVE-2017-13077", 
        "credit": "Mathy Vanhoef of the imec-DistriNet group at KU Leuven", 
        "page": "https://support.apple.com/en-us/HT208847"
    }, 
    {
        "impact": "An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)", 
        "available": "MacBook (Late 2009 and later), MacBook Pro (Mid 2010 and later), MacBook Air (Late 2010 and later), Mac mini (Mid 2010 and later), iMac (Late 2009 and later), and Mac Pro (Mid 2010 and later)", 
        "description": "A logic issue existed in the handling of state transitions. This was addressed with improved state management.", 
        "update": "", 
        "module": "Wi-Fi", 
        "id": "CVE-2017-13078", 
        "credit": "Mathy Vanhoef of the imec-DistriNet group at KU Leuven", 
        "page": "https://support.apple.com/en-us/HT208847"
    }, 
    {
        "impact": "An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)", 
        "available": "MacBook (Late 2009 and later), MacBook Pro (Mid 2010 and later), MacBook Air (Late 2010 and later), Mac mini (Mid 2010 and later), iMac (Late 2009 and later), and Mac Pro (Mid 2010 and later)", 
        "description": "A logic issue existed in the handling of state transitions. This was addressed with improved state management.", 
        "update": "", 
        "module": "Wi-Fi", 
        "id": "CVE-2017-13080", 
        "credit": "Mathy Vanhoef of the imec-DistriNet group at KU Leuven", 
        "page": "https://support.apple.com/en-us/HT208847"
    }, 
    {
        "impact": "A remote attacker may be able to overwrite arbitrary memory", 
        "available": "macOS Sierra 10.12 and later, Ubuntu 14.04 and later", 
        "description": "A buffer overflow was addressed with improved size validation.", 
        "update": "", 
        "module": "SwiftNIO", 
        "id": "CVE-2018-4281", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT208921"
    }, 
    {
        "impact": "Multiple issues in git, the most significant of which may lead to arbitrary code execution", 
        "available": "macOS High Sierra 10.13.2 or later", 
        "description": "Multiple issues existed in git. These issues were addressed by updating git to version 2.15.2.", 
        "update": "", 
        "module": "Git", 
        "id": "CVE-2018-11235", 
        "credit": "Etienne Stalmans", 
        "page": "https://support.apple.com/en-us/HT208895"
    }, 
    {
        "impact": "Multiple issues in git, the most significant of which may lead to arbitrary code execution", 
        "available": "macOS High Sierra 10.13.2 or later", 
        "description": "Multiple issues existed in git. These issues were addressed by updating git to version 2.15.2.", 
        "update": "", 
        "module": "Git", 
        "id": "CVE-2018-11233", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT208895"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "An out-of-bounds read was addressed with improved input validation.", 
        "update": "June 21, 2018", 
        "module": "CoreGraphics", 
        "id": "CVE-2018-4194", 
        "credit": "Jihui Lu of Tencent KeenLab, Yu Zhou of Ant-financial Light-Year Security Lab", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "A local user may be able to read a persistent device identifier", 
        "available": "Windows 7 and later", 
        "description": "An authorization issue was addressed with improved state management.", 
        "update": "", 
        "module": "Security", 
        "id": "CVE-2018-4224", 
        "credit": "Abraham Masri (@cheesecakeufo)", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "A local user may be able to modify the state of the Keychain", 
        "available": "Windows 7 and later", 
        "description": "An authorization issue was addressed with improved state management.", 
        "update": "", 
        "module": "Security", 
        "id": "CVE-2018-4225", 
        "credit": "Abraham Masri (@cheesecakeufo)", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "A local user may be able to view sensitive user information", 
        "available": "Windows 7 and later", 
        "description": "An authorization issue was addressed with improved state management.", 
        "update": "", 
        "module": "Security", 
        "id": "CVE-2018-4226", 
        "credit": "Abraham Masri (@cheesecakeufo)", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to cookies being overwritten", 
        "available": "Windows 7 and later", 
        "description": "A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4232", 
        "credit": "an anonymous researcher, Aymeric Chaib", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A race condition was addressed with improved locking.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4192", 
        "credit": "Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected Safari crash", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4214", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4204", 
        "credit": "found by OSS-Fuzz, Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A type confusion issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4246", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed with improved state management.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4200", 
        "credit": "Ivan Fratric of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4201", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4218", 
        "credit": "Natalie Silvanovich of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4233", 
        "credit": "Samuel Gro\u00df (@5aelo) working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "Visiting a malicious website may lead to address bar spoofing", 
        "available": "Windows 7 and later", 
        "description": "An inconsistent user interface issue was addressed with improved state management.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4188", 
        "credit": "YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may leak sensitive data", 
        "available": "Windows 7 and later", 
        "description": "Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4190", 
        "credit": "Jun Kokatsu (@shhnjk)", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A buffer overflow issue was addressed with improved memory handling.", 
        "update": "June 14, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4199", 
        "credit": "Alex Plaskett, Georgi Geshev, and Fabi Beterke of MWR Labs working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "An out-of-bounds read was addressed with improved input validation.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4222", 
        "credit": "Natalie Silvanovich of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT208853"
    }, 
    {
        "impact": "A malicious website may be able to cause a denial of service", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4", 
        "description": "A denial of service issue was addressed with improved validation.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2018-4247", 
        "credit": "Fran\u00e7ois Renaud, Jesse Viviano of Verizon Enterprise Solutions", 
        "page": "https://support.apple.com/en-us/HT208854"
    }, 
    {
        "impact": "Visiting a malicious website may lead to address bar spoofing", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4", 
        "description": "An inconsistent user interface issue was addressed with improved state management.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2018-4205", 
        "credit": "xisigr of Tencent's Xuanwu Lab (tencent.com)", 
        "page": "https://support.apple.com/en-us/HT208854"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An information disclosure issue existed in Accessibility Framework. This issue was addressed with improved memory management.", 
        "update": "July 19, 2018", 
        "module": "Accessibility Framework", 
        "id": "CVE-2018-4196", 
        "credit": "Alex Plaskett, Georgi Geshev and Fabian Beterke of MWR Labs working with Trend Micro\u2019s Zero Day Initiative, and WanderingGlitch of Trend Micro Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A local user may be able to read kernel memory", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.", 
        "update": "", 
        "module": "AMD", 
        "id": "CVE-2018-4253", 
        "credit": "shrek_wzw of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A local user may be able to read kernel memory", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An out-of-bounds read was addressed with improved input validation.", 
        "update": "July 19, 2018", 
        "module": "AMD", 
        "id": "CVE-2018-4256", 
        "credit": "shrek_wzw of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A local user may be able to read kernel memory", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An out-of-bounds read was addressed with improved input validation.", 
        "update": "October 18, 2018, updated December 14, 2018", 
        "module": "AMD", 
        "id": "CVE-2018-4255", 
        "credit": "shrek_wzw of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An input validation issue existed in the kernel. This issue was addressed with improved input validation.", 
        "update": "October 18, 2018", 
        "module": "AMD", 
        "id": "CVE-2018-4254", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A buffer overflow was addressed with improved bounds checking.", 
        "update": "October 18, 2018", 
        "module": "AppleGraphicsControl", 
        "id": "CVE-2018-4258", 
        "credit": "shrek_wzw of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A buffer overflow was addressed with improved size validation.", 
        "update": "October 18, 2018", 
        "module": "AppleGraphicsPowerManagement", 
        "id": "CVE-2018-4257", 
        "credit": "shrek_wzw of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "Issues in php were addressed in this update", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "This issue was addressed by updating to php version 7.1.16.", 
        "update": "", 
        "module": "apache_mod_php", 
        "id": "CVE-2018-7584", 
        "credit": "Wei Lei and Liu Yang of Nanyang Technological University", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A malicious application may be able to elevate privileges", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A type confusion issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "ATS", 
        "id": "CVE-2018-4219", 
        "credit": "Mohamed Ghannam (@_simo36)", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A malicious application may be able to determine kernel memory layout.", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6", 
        "description": "An information disclosure issue existed in device properties. This issue was addressed with improved object management.", 
        "update": "", 
        "module": "Bluetooth", 
        "id": "CVE-2018-4171", 
        "credit": "shrek_wzw of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A local process may modify other processes without entitlement checks", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An issue existed in CUPS. This issue was addressed with improved access restrictions.", 
        "update": "July 11, 2018", 
        "module": "CUPS", 
        "id": "CVE-2018-4180", 
        "credit": "Dan Bastone of Gotham Digital Science", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A local user may be able to read arbitrary files as root", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An issue existed in CUPS. This issue was addressed with improved access restrictions.", 
        "update": "July 11, 2018", 
        "module": "CUPS", 
        "id": "CVE-2018-4181", 
        "credit": "Eric Rafaloff and John Dunlap of Gotham Digital Science", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A sandboxed process may be able to circumvent sandbox restrictions", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An access issue was addressed with additional sandbox restrictions on CUPS.", 
        "update": "July 11, 2018", 
        "module": "CUPS", 
        "id": "CVE-2018-4182", 
        "credit": "Dan Bastone of Gotham Digital Science", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A sandboxed process may be able to circumvent sandbox restrictions", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An access issue was addressed with additional sandbox restrictions.", 
        "update": "July 11, 2018", 
        "module": "CUPS", 
        "id": "CVE-2018-4183", 
        "credit": "Dan Bastone and Eric Rafaloff of Gotham Digital Science", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A malicious application with root privileges may be able to modify the EFI flash memory region", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A device configuration issue was addressed with an updated configuration.", 
        "update": "", 
        "module": "Firmware", 
        "id": "CVE-2018-4251", 
        "credit": "Maxim Goryachy and Mark Ermolov", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "Processing a maliciously crafted font file may lead to arbitrary code execution", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4", 
        "description": "A memory corruption issue was addressed with improved validation.", 
        "update": "", 
        "module": "FontParser", 
        "id": "CVE-2018-4211", 
        "credit": "Proteas of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A sandboxed process may be able to circumvent sandbox restrictions", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An issue existed in parsing entitlement plists. This issue was addressed with improved input validation.", 
        "update": "", 
        "module": "Grand Central Dispatch", 
        "id": "CVE-2018-4229", 
        "credit": "Jakob Rieck (@0xdead10cc) of the Security in Distributed Systems Group, University of Hamburg", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4", 
        "description": "A validation issue was addressed with improved input sanitization.", 
        "update": "", 
        "module": "Graphics Drivers", 
        "id": "CVE-2018-4159", 
        "credit": "Axis and pjf of IceSword Lab of Qihoo 360", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to spoof password prompts in iBooks", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An input validation issue was addressed with improved input validation.", 
        "update": "", 
        "module": "iBooks", 
        "id": "CVE-2018-4202", 
        "credit": "Jerry Decime", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A malicious application may be able to access local users AppleIDs", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A privacy issue in the handling of Open Directory records was addressed with improved indexing.", 
        "update": "December 10, 2018", 
        "module": "Identity Services", 
        "id": "CVE-2018-4217", 
        "credit": "Jacob Greenfield of Commonwealth School", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A validation issue was addressed with improved input sanitization.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2018-4141", 
        "credit": "an anonymous researcher, Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A race condition was addressed with improved locking.", 
        "update": "", 
        "module": "IOFireWireAVC", 
        "id": "CVE-2018-4228", 
        "credit": "Benjamin Gnahm (@mitp0sh) of Mentor Graphics", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "IOGraphics", 
        "id": "CVE-2018-4236", 
        "credit": "Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "IOHIDFamily", 
        "id": "CVE-2018-4234", 
        "credit": "Proteas of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "December 18, 2018", 
        "module": "Kernel", 
        "id": "CVE-2018-4249", 
        "credit": "Kevin Backhouse of Semmle Ltd.", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6", 
        "description": "In some circumstances, some operating systems may not expect or properly handle an Intel architecture debug exception after certain instructions. The issue appears to be from an undocumented side effect of the instructions. An attacker might utilize this exception handling to gain access to Ring 0 and access sensitive memory or control operating system processes.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-8897", 
        "credit": "Andy Lutomirski, Nick Peterson (linkedin.com/in/everdox) of Everdox Tech LLC", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A buffer overflow was addressed with improved bounds checking.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4241", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A buffer overflow was addressed with improved bounds checking.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4243", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A logic issue was addressed with improved validation.", 
        "update": "", 
        "module": "libxpc", 
        "id": "CVE-2018-4237", 
        "credit": "Samuel Gro\u00df (@5aelo) working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "October 30, 2018", 
        "module": "libxpc", 
        "id": "CVE-2018-4404", 
        "credit": "Samuel Gro\u00df (@5aelo) working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An attacker may be able to exfiltrate the contents of S/MIME- encrypted e-mail", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail.", 
        "update": "", 
        "module": "Mail", 
        "id": "CVE-2018-4227", 
        "credit": "Damian Poddebniak of M\u00fcnster University of Applied Sciences, Christian Dresen of M\u00fcnster University of Applied Sciences, Jens M\u00fcller of Ruhr University Bochum, Fabian Ising of M\u00fcnster University of Applied Sciences, Sebastian Schinzel of M\u00fcnster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, J\u00f6rg Schwenk of Ruhr University Bochum", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A local user may be able to conduct impersonation attacks", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An injection issue was addressed with improved input validation.", 
        "update": "", 
        "module": "Messages", 
        "id": "CVE-2018-4235", 
        "credit": "Anurodh Pokharel of Salesforce.com", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "Processing a maliciously crafted message may lead to a denial of service", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "This issue was addressed with improved message validation.", 
        "update": "", 
        "module": "Messages", 
        "id": "CVE-2018-4240", 
        "credit": "Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A race condition was addressed with improved locking.", 
        "update": "", 
        "module": "NVIDIA Graphics Drivers", 
        "id": "CVE-2018-4230", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "Users may be tracked by malicious websites using client certificates", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates.", 
        "update": "", 
        "module": "Security", 
        "id": "CVE-2018-4221", 
        "credit": "Damian Poddebniak of M\u00fcnster University of Applied Sciences, Christian Dresen of M\u00fcnster University of Applied Sciences, Jens M\u00fcller of Ruhr University Bochum, Fabian Ising of M\u00fcnster University of Applied Sciences, Sebastian Schinzel of M\u00fcnster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, J\u00f6rg Schwenk of Ruhr University Bochum", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A local user may be able to read a persistent account identifier", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "An authorization issue was addressed with improved state management.", 
        "update": "", 
        "module": "Security", 
        "id": "CVE-2018-4223", 
        "credit": "Abraham Masri (@cheesecakeufo)", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A sandboxed process may be able to circumvent sandbox restrictions", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A sandbox issue existed in the handling of microphone access. This issue was addressed with improved handling of microphone access.", 
        "update": "", 
        "module": "Speech", 
        "id": "CVE-2018-4184", 
        "credit": "Jakob Rieck (@0xdead10cc) of the Security in Distributed Systems Group, University of Hamburg", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "Processing a maliciously crafted text file may lead to a denial of service", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A validation issue existed in the handling of text. This issue was addressed with improved validation of text.", 
        "update": "", 
        "module": "UIKit", 
        "id": "CVE-2018-4198", 
        "credit": "Hunter Byrnes", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Windows Server", 
        "id": "CVE-2018-4193", 
        "credit": "Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro\u2019s Zero Day Initiative, Richard Zhu (fluorescence) working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208849"
    }, 
    {
        "impact": "A malicious application may be able to elevate privileges", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A buffer overflow was addressed with improved size validation.", 
        "update": "", 
        "module": "Bluetooth", 
        "id": "CVE-2018-4215", 
        "credit": "Abraham Masri (@cheesecakeufo)", 
        "page": "https://support.apple.com/en-us/HT208848"
    }, 
    {
        "impact": "Processing a maliciously crafted vcf file may lead to a denial of service", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A validation issue existed in the handling of phone numbers. This issue was addressed with improved validation of phone numbers.", 
        "update": "", 
        "module": "Contacts", 
        "id": "CVE-2018-4100", 
        "credit": "Abraham Masri (@cheesecakeufo)", 
        "page": "https://support.apple.com/en-us/HT208848"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "August 8, 2018", 
        "module": "Core Bluetooth", 
        "id": "CVE-2018-4330", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT208848"
    }, 
    {
        "impact": "A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lockscreen", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A permissions issue existed in Magnifier.  This was addressed with additional permission checks.", 
        "update": "", 
        "module": "Magnifier", 
        "id": "CVE-2018-4239", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT208848"
    }, 
    {
        "impact": "Processing a maliciously crafted message may lead to a denial of service", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "This issue was addressed with improved message validation.", 
        "update": "", 
        "module": "Messages", 
        "id": "CVE-2018-4250", 
        "credit": "Metehan Y\u0131lmaz of Sesim Sarpkaya", 
        "page": "https://support.apple.com/en-us/HT208848"
    }, 
    {
        "impact": "A person with physical access to an iOS device may be able to enable Siri from the lock screen", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "An issue existed with Siri permissions. This was addressed with improved permission checking.", 
        "update": "", 
        "module": "Siri", 
        "id": "CVE-2018-4238", 
        "credit": "Baljinder Singh, Muhammad khizer javed, Onur Can BIKMAZ (@CanBkmaz) of Mustafa Kemal University", 
        "page": "https://support.apple.com/en-us/HT208848"
    }, 
    {
        "impact": "A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "An issue existed with Siri permissions. This was addressed with improved permission checking.", 
        "update": "", 
        "module": "Siri", 
        "id": "CVE-2018-4252", 
        "credit": "Hunter Byrnes, Martin Winkelmann (@Winkelmannnn)", 
        "page": "https://support.apple.com/en-us/HT208848"
    }, 
    {
        "impact": "An attacker with physical access to a device may be able to see private contact information", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "An issue existed with Siri permissions. This was addressed with improved permission checking.", 
        "update": "", 
        "module": "Siri Contacts", 
        "id": "CVE-2018-4244", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT208848"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "All Apple Watch models", 
        "description": "A memory corruption issue was addressed with improved error handling.", 
        "update": "", 
        "module": "Crash Reporter", 
        "id": "CVE-2018-4206", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT208851"
    }, 
    {
        "impact": "A process may gain admin privileges and execute arbitrary code", 
        "available": "Ubuntu 14.04", 
        "description": "An issue existed in specific versions of Swift on Ubuntu 14.04 where libraries are loaded with write and execute permissions. This issue was addressed with improved permissions.", 
        "update": "", 
        "module": "Swift for Ubuntu", 
        "id": "CVE-2018-4220", 
        "credit": "Apple", 
        "page": "https://support.apple.com/en-us/HT208804"
    }, 
    {
        "impact": "Processing a maliciously crafted text message may lead to UI spoofing", 
        "available": "macOS High Sierra 10.13.4", 
        "description": "A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.", 
        "update": "", 
        "module": "LinkPresentation", 
        "id": "CVE-2018-4187", 
        "credit": "Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_)", 
        "page": "https://support.apple.com/en-us/HT208742"
    }, 
    {
        "impact": "A malicious application may be able to elevate privileges", 
        "available": "Windows 7 and later", 
        "description": "A buffer overflow was addressed with improved size validation.", 
        "update": "", 
        "module": "Security", 
        "id": "CVE-2018-4144", 
        "credit": "Abraham Masri (@cheesecakeufo)", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4101", 
        "credit": "Yuan Deng of Ant-financial Light-Year Security Lab", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4114", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4118", 
        "credit": "Jun Kokatsu (@shhnjk)", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4119", 
        "credit": "an anonymous researcher working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4120", 
        "credit": "Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4121", 
        "credit": "Natalie Silvanovich of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4122", 
        "credit": "WanderingGlitch of Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4125", 
        "credit": "WanderingGlitch of Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4127", 
        "credit": "an anonymous researcher working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4128", 
        "credit": "Zach Markley", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4129", 
        "credit": "likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4130", 
        "credit": "Omair working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4161", 
        "credit": "WanderingGlitch of Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4162", 
        "credit": "WanderingGlitch of Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4163", 
        "credit": "WanderingGlitch of Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4165", 
        "credit": "Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Unexpected interaction with indexing types causing an ASSERT failure", 
        "available": "Windows 7 and later", 
        "description": "An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4113", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to a denial of service", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4146", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "A malicious website may exfiltrate data cross-origin", 
        "available": "Windows 7 and later", 
        "description": "A cross-origin issue existed with the fetch API. This was addressed through improved input validation.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4117", 
        "credit": "an anonymous researcher, an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Unexpected interaction causes an ASSERT failure", 
        "available": "Windows 7 and later", 
        "description": "This issue was addressed with improved checks.", 
        "update": "May 1, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4207", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Unexpected interaction causes an ASSERT failure", 
        "available": "Windows 7 and later", 
        "description": "This issue was addressed with improved checks.", 
        "update": "May 1, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4208", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Unexpected interaction causes an ASSERT failure", 
        "available": "Windows 7 and later", 
        "description": "This issue was addressed with improved checks.", 
        "update": "May 1, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4209", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Unexpected interaction with indexing types caused a failure", 
        "available": "Windows 7 and later", 
        "description": "An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.", 
        "update": "May 1, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4210", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Unexpected interaction causes an ASSERT failure", 
        "available": "Windows 7 and later", 
        "description": "This issue was addressed with improved checks.", 
        "update": "May 1, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4212", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Unexpected interaction causes an ASSERT failure", 
        "available": "Windows 7 and later", 
        "description": "This issue was addressed with improved checks.", 
        "update": "May 1, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4213", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208697"
    }, 
    {
        "impact": "Visiting a malicious website may lead to address bar spoofing", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4", 
        "description": "An inconsistent user interface issue was addressed with improved state management.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2018-4102", 
        "credit": "Kai Zhao of 3H security team", 
        "page": "https://support.apple.com/en-us/HT208695"
    }, 
    {
        "impact": "Visiting a malicious website may lead to address bar spoofing", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4", 
        "description": "An inconsistent user interface issue was addressed with improved state management.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2018-4116", 
        "credit": "@littlelailo, xisigr of Tencent's Xuanwu Lab (tencent.com)", 
        "page": "https://support.apple.com/en-us/HT208695"
    }, 
    {
        "impact": "In Private Browsing, some downloads were not removed from the downloads list", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4", 
        "description": "An information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation.", 
        "update": "May 2, 2018", 
        "module": "Safari Downloads", 
        "id": "CVE-2018-4186", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT208695"
    }, 
    {
        "impact": "A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction.", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4", 
        "description": "Safari autofill did not require explicit user interaction before taking place. The issue was addressed with improved autofill heuristics.", 
        "update": "November 16, 2018", 
        "module": "Safari Login AutoFill", 
        "id": "CVE-2018-4137", 
        "credit": "", 
        "page": "https://support.apple.com/en-us/HT208695"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to a cross-site scripting attack", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4", 
        "description": "A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4133", 
        "credit": "Anton Lopanitsyn of Wallarm, Linus S\u00e4rud of Detectify (detectify.com), Yuji Tounai of NTT Communications Corporation", 
        "page": "https://support.apple.com/en-us/HT208695"
    }, 
    {
        "impact": "Passwords supplied to sysadminctl may be exposed to other local users", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "The sysadminctl command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. This update makes the password parameter optional, and sysadminctl will prompt for the password if needed.", 
        "update": "", 
        "module": "Admin Framework", 
        "id": "CVE-2018-4170", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An APFS volume password may be unexpectedly truncated", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "An injection issue was addressed through improved input validation.", 
        "update": "", 
        "module": "APFS", 
        "id": "CVE-2018-4105", 
        "credit": "David J Beitey (@davidjb_), Geoffrey Bugniot", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "Processing a maliciously crafted file might disclose user information", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3", 
        "description": "A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.", 
        "update": "", 
        "module": "ATS", 
        "id": "CVE-2018-4112", 
        "credit": "Haik Aftandilian of Mozilla", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6", 
        "description": "A race condition was addressed with additional validation.", 
        "update": "", 
        "module": "CFNetwork Session", 
        "id": "CVE-2018-4166", 
        "credit": "Samuel Gro\u00df (@5aelo)", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3", 
        "description": "A race condition was addressed with additional validation.", 
        "update": "", 
        "module": "CoreFoundation", 
        "id": "CVE-2018-4155", 
        "credit": "Samuel Gro\u00df (@5aelo)", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3", 
        "description": "A race condition was addressed with additional validation.", 
        "update": "", 
        "module": "CoreFoundation", 
        "id": "CVE-2018-4158", 
        "credit": "Samuel Gro\u00df (@5aelo)", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "Processing a maliciously crafted string may lead to a denial of service", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "A denial of service issue was addressed through improved memory handling.", 
        "update": "", 
        "module": "CoreText", 
        "id": "CVE-2018-4142", 
        "credit": "Robin Leroy of Google Switzerland GmbH", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "Processing a maliciously crafted webpage may result in the mounting of a disk image", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6", 
        "description": "A logic issue was addressed with improved restrictions.", 
        "update": "", 
        "module": "CoreTypes", 
        "id": "CVE-2017-13890", 
        "credit": "Apple, Theodor Ragnar Gislason of Syndis", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "Multiple issues in curl", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6", 
        "description": "An integer overflow existed in curl. This issue was addressed through improved bounds checking.", 
        "update": "March 30, 2018", 
        "module": "curl", 
        "id": "CVE-2017-8816", 
        "credit": "Alex Nichols", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "Mounting a malicious disk image may result in the launching of an application", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3", 
        "description": "A logic issue was addressed with improved validation.", 
        "update": "", 
        "module": "Disk Images", 
        "id": "CVE-2018-4176", 
        "credit": "Theodor Ragnar Gislason of Syndis", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An APFS volume password may be unexpectedly truncated", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "An injection issue was addressed through improved input validation.", 
        "update": "", 
        "module": "Disk Management", 
        "id": "CVE-2018-4108", 
        "credit": "Kamatham Chaitanya of ShiftLeft Inc., an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "A race condition was addressed with additional validation.", 
        "update": "", 
        "module": "File System Events", 
        "id": "CVE-2018-4167", 
        "credit": "Samuel Gro\u00df (@5aelo)", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3", 
        "description": "A race condition was addressed with additional validation.", 
        "update": "", 
        "module": "iCloud Drive", 
        "id": "CVE-2018-4151", 
        "credit": "Samuel Gro\u00df (@5aelo)", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2018-4132", 
        "credit": "Axis and pjf of IceSword Lab of Qihoo 360", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "IOFireWireFamily", 
        "id": "CVE-2018-4135", 
        "credit": "Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4150", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3", 
        "description": "A validation issue was addressed with improved input sanitization.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4104", 
        "credit": "The UK's National Cyber Security Centre (NCSC)", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4143", 
        "credit": "derrek (@derrekr6)", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3", 
        "description": "An out-of-bounds read was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4136", 
        "credit": "Jonas Jensen of lgtm.com and Semmle", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "An out-of-bounds read was addressed through improved bounds checking.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4160", 
        "credit": "Jonas Jensen of lgtm.com and Semmle", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "A malicious application may be able to determine kernel memory layout", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.", 
        "update": "July 19, 2018", 
        "module": "Kernel", 
        "id": "CVE-2018-4185", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3", 
        "description": "A logic issue existed resulting in memory corruption. This was addressed with improved state management.", 
        "update": "", 
        "module": "kext tools", 
        "id": "CVE-2018-4139", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "A maliciously crafted application may be able to bypass code signing enforcement", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3", 
        "description": "A logic issue was addressed with improved validation.", 
        "update": "", 
        "module": "LaunchServices", 
        "id": "CVE-2018-4175", 
        "credit": "Theodor Ragnar Gislason of Syndis", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected Safari crash", 
        "available": "macOS Sierra 10.12.6, macOS High Sierra 10.13.3, OS X El Capitan 10.11.6", 
        "description": "A use after free issue was addressed with improved memory management.", 
        "update": "October 18, 2018", 
        "module": "libxml2", 
        "id": "CVE-2017-15412", 
        "credit": "Nick Wellnhofer", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "A local user may be able to view senstive user information", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "There was an issue with the handling of smartcard PINs. This issue was addressed with additional logic.", 
        "update": "April 13, 2018", 
        "module": "Local Authentication", 
        "id": "CVE-2018-4179", 
        "credit": "David Fuhrmann", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to exfiltrate the contents of S/MIME-encrypted e-mail", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "An issue existed in the handling of S/MIME HTML e-mail. This issue was addressed by not loading remote resources on S/MIME encrypted messages by default if the message has an invalid or missing S/MIME signature.", 
        "update": "April 13, 2018", 
        "module": "Mail", 
        "id": "CVE-2018-4111", 
        "credit": "Damian Poddebniak of M\u00fcnster University of Applied Sciences, Christian Dresen of M\u00fcnster University of Applied Sciences, Jens M\u00fcller of Ruhr University Bochum, Fabian Ising of M\u00fcnster University of Applied Sciences, Sebastian Schinzel of M\u00fcnster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, J\u00f6rg Schwenk of Ruhr University Bochum", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "An inconsistent user interface issue was addressed with improved state management.", 
        "update": "April 13, 2018", 
        "module": "Mail", 
        "id": "CVE-2018-4174", 
        "credit": "John McCombs of Integrated Mapping Ltd, McClain Looney of LoonSoft Inc.", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "A race condition was addressed with additional validation.", 
        "update": "", 
        "module": "Notes", 
        "id": "CVE-2018-4152", 
        "credit": "Samuel Gro\u00df (@5aelo)", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3", 
        "description": "A race condition was addressed with additional validation.", 
        "update": "October 18, 2018", 
        "module": "Notes", 
        "id": "CVE-2017-7151", 
        "credit": "Samuel Gro\u00df (@5aelo)", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "A validation issue was addressed with improved input sanitization.", 
        "update": "", 
        "module": "NVIDIA Graphics Drivers", 
        "id": "CVE-2018-4138", 
        "credit": "Axis and pjf of IceSword Lab of Qihoo 360", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "Clicking a URL in a PDF may visit a malicious website", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "An issue existed in the parsing of URLs in PDFs. This issue was addressed through improved input validation.", 
        "update": "April 9, 2018", 
        "module": "PDFKit", 
        "id": "CVE-2018-4107", 
        "credit": "Nick Safford of Innovia Technology", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3", 
        "description": "A race condition was addressed with additional validation.", 
        "update": "", 
        "module": "PluginKit", 
        "id": "CVE-2018-4156", 
        "credit": "Samuel Gro\u00df (@5aelo)", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "A race condition was addressed with additional validation.", 
        "update": "", 
        "module": "Quick Look", 
        "id": "CVE-2018-4157", 
        "credit": "Samuel Gro\u00df (@5aelo)", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "A remote user may be able to gain root privileges", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "A permissions issue existed in Remote Management. This issue was addressed through improved permission validation.", 
        "update": "July 19, 2018", 
        "module": "Remote Management", 
        "id": "CVE-2018-4298", 
        "credit": "Tim van der Werff of SupCloud", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6", 
        "description": "A configuration issue was addressed with additional restrictions.", 
        "update": "August 8, 2018, updated September 25, 2018", 
        "module": "SIP", 
        "id": "CVE-2017-13911", 
        "credit": "Timothy Perfitt of Twocanoes Software", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "A malicious application may be able to access the microphone without indication to the user", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "A consistency issue existed in deciding when to show the microphone use indicator. The issue was resolved with improved capability validation.", 
        "update": "April 9, 2018", 
        "module": "Status Bar", 
        "id": "CVE-2018-4173", 
        "credit": "Joshua Pokotilow of pingmd", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An application may be able to gain elevated privileges", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3", 
        "description": "A race condition was addressed with additional validation.", 
        "update": "", 
        "module": "Storage", 
        "id": "CVE-2018-4154", 
        "credit": "Samuel Gro\u00df (@5aelo)", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "A configuration profile may incorrectly remain in effect after removal", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "An issue existed in CFPreferences. This issue was addressed through improved preferences cleanup.", 
        "update": "", 
        "module": "System Preferences", 
        "id": "CVE-2018-4115", 
        "credit": "Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "Pasting malicious content may lead to arbitrary command execution spoofing", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3", 
        "description": "A command injection issue existed in the handling of Bracketed Paste Mode. This issue was addressed through improved validation of special characters.", 
        "update": "", 
        "module": "Terminal", 
        "id": "CVE-2018-4106", 
        "credit": "Simon Hosie", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled", 
        "available": "macOS High Sierra 10.13.3", 
        "description": "By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management.", 
        "update": "", 
        "module": "WindowServer", 
        "id": "CVE-2018-4131", 
        "credit": "Andreas Hegenberg of folivora.AI GmbH", 
        "page": "https://support.apple.com/en-us/HT208692"
    }, 
    {
        "impact": "Multiple issues in llvm were addressed in this update", 
        "available": "macOS High Sierra 10.13.2 or later", 
        "description": "Multiple issues were addressed by updating to version the current version of LLVM shipping with Xcode.", 
        "update": "", 
        "module": "LLVM", 
        "id": "CVE-2018-4164", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208699"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to spoof password prompts in the Apple TV App", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "An input validation issue was addressed through improved input validation.", 
        "update": "April 13, 2018", 
        "module": "Apple TV App", 
        "id": "CVE-2018-4177", 
        "credit": "Jerry Decime", 
        "page": "https://support.apple.com/en-us/HT208693"
    }, 
    {
        "impact": "A person with physical access to an iOS device may be able to see the email address used for iTunes", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "An information disclosure issue existed in the handling of alarms and timers. This issue was addressed with improved access restrictions.", 
        "update": "November 16, 2018", 
        "module": "Clock", 
        "id": "CVE-2018-4123", 
        "credit": "Zaheen Hafzar M M (@zaheenhafzer)", 
        "page": "https://support.apple.com/en-us/HT208693"
    }, 
    {
        "impact": "File Widget may display contents on a locked device", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "The File Widget was displaying cached data when in the locked state. This issue was addressed with improved state management.", 
        "update": "", 
        "module": "Files Widget", 
        "id": "CVE-2018-4168", 
        "credit": "Brandon Moore", 
        "page": "https://support.apple.com/en-us/HT208693"
    }, 
    {
        "impact": "A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A state management issue existed when restoring from a back up. This issue was addressed through improved state checking during restore.", 
        "update": "", 
        "module": "Find My iPhone", 
        "id": "CVE-2018-4172", 
        "credit": "Viljami Vastam\u00e4ki", 
        "page": "https://support.apple.com/en-us/HT208693"
    }, 
    {
        "impact": "Visiting a malicious website by clicking a link may lead to user interface spoofing", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "An inconsistent user interface issue was addressed with improved state management.", 
        "update": "", 
        "module": "Safari", 
        "id": "CVE-2018-4134", 
        "credit": "xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang Zeng (@Wester) of Tencent Security Platform Department", 
        "page": "https://support.apple.com/en-us/HT208693"
    }, 
    {
        "impact": "Visiting a malicious website may lead to user interface spoofing", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A state management issue was addressed by disabling text input until the destination page loads.", 
        "update": "", 
        "module": "SafariViewController", 
        "id": "CVE-2018-4149", 
        "credit": "Abhinash Jain (@abhinashjain)", 
        "page": "https://support.apple.com/en-us/HT208693"
    }, 
    {
        "impact": "A remote attacker can cause a device to unexpectedly restart", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A null pointer dereference issue existed when handling Class 0 SMS messages. This issue was addressed with improved message validation.", 
        "update": "November 16, 2018", 
        "module": "Telephony", 
        "id": "CVE-2018-4140", 
        "credit": "@mjonsson, Arjan van der Oest of Voiceworks BV", 
        "page": "https://support.apple.com/en-us/HT208693"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "iPhone 5s and later, and WiFi + Cellular models of iPad Air and later", 
        "description": "Multiple buffer overflows were addressed with improved input validation.", 
        "update": "March 30, 2018", 
        "module": "Telephony", 
        "id": "CVE-2018-4148", 
        "credit": "Nico Golde of Comsecuris UG", 
        "page": "https://support.apple.com/en-us/HT208693"
    }, 
    {
        "impact": "Cookies may unexpectedly persist in web app", 
        "available": "iPhone 5s and later, iPad Air and later, and iPod touch 6th generation", 
        "description": "A cookie management issue was addressed with improved state management.", 
        "update": "November 16, 2018", 
        "module": "Web App", 
        "id": "CVE-2018-4110", 
        "credit": "Ben Compton and Jason Colley of Cerner Corporation", 
        "page": "https://support.apple.com/en-us/HT208693"
    }, 
    {
        "impact": "Processing a maliciously crafted string may lead to heap corruption", 
        "available": "Apple TV 4K and Apple TV (4th generation)", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": "", 
        "module": "CoreText", 
        "id": "CVE-2018-4124", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT208536"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4088", 
        "credit": "Jeonghoon Shin of Theori", 
        "page": "https://support.apple.com/en-us/HT208474"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "", 
        "module": "WebKit", 
        "id": "CVE-2018-4096", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208474"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "October 18, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4147", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208474"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "October 18, 2018", 
        "module": "WebKit Page Loading", 
        "id": "CVE-2017-7830", 
        "credit": "Jun Kokatsu (@shhnjk)", 
        "page": "https://support.apple.com/en-us/HT208474"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.3", 
        "description": "Multiple memory corruption issues were addressed with improved memory handling.", 
        "update": "October 18, 2018", 
        "module": "WebKit", 
        "id": "CVE-2018-4089", 
        "credit": "Ivan Fratric of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT208475"
    }, 
    {
        "impact": "Processing a maliciously crafted audio file may lead to arbitrary code execution", 
        "available": "All Apple Watch models", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "November 16, 2018", 
        "module": "Audio", 
        "id": "CVE-2018-4094", 
        "credit": "Mingi Cho, Seoyoung Kim, Young-Ho Lee, MinSik Shin and Taekyoung Kwon of the Information Security Lab, Yonsei University", 
        "page": "https://support.apple.com/en-us/HT208464"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "All Apple Watch models", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Core Bluetooth", 
        "id": "CVE-2018-4087", 
        "credit": "Rani Idan (@raniXCH) of Zimperium zLabs Team", 
        "page": "https://support.apple.com/en-us/HT208464"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "All Apple Watch models", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "Core Bluetooth", 
        "id": "CVE-2018-4095", 
        "credit": "Rani Idan (@raniXCH) of Zimperium zLabs Team", 
        "page": "https://support.apple.com/en-us/HT208464"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "All Apple Watch models", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "February 8, 2018", 
        "module": "Graphics Driver", 
        "id": "CVE-2018-4109", 
        "credit": "Adam Donenfeld (@doadam) of the Zimperium zLabs Team", 
        "page": "https://support.apple.com/en-us/HT208464"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "All Apple Watch models", 
        "description": "A memory initialization issue was addressed with improved memory handling.", 
        "update": "November 16, 2018", 
        "module": "Kernel", 
        "id": "CVE-2018-4090", 
        "credit": "Jann Horn of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT208464"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "All Apple Watch models", 
        "description": "A race condition was addressed with improved locking.", 
        "update": "November 16, 2018", 
        "module": "Kernel", 
        "id": "CVE-2018-4092", 
        "credit": "Stefan Esser of Antid0te UG", 
        "page": "https://support.apple.com/en-us/HT208464"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with kernel privileges", 
        "available": "All Apple Watch models", 
        "description": "A memory corruption issue was addressed with improved input validation.", 
        "update": "November 16, 2018", 
        "module": "Kernel", 
        "id": "CVE-2018-4082", 
        "credit": "Russ Cox of Google", 
        "page": "https://support.apple.com/en-us/HT208464"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "All Apple Watch models", 
        "description": "A validation issue was addressed with improved input sanitization.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4093", 
        "credit": "Jann Horn of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT208464"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "All Apple Watch models", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "May 2, 2018", 
        "module": "Kernel", 
        "id": "CVE-2018-4189", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT208464"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "All Apple Watch models", 
        "description": "A memory corruption issue existed in the processing of web content. This issue was addressed with improved input validation.", 
        "update": "November 16, 2018", 
        "module": "QuartzCore", 
        "id": "CVE-2018-4085", 
        "credit": "Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/en-us/HT208464"
    }, 
    {
        "impact": "A certificate may have name constraints applied incorrectly", 
        "available": "All Apple Watch models", 
        "description": "A certificate evaluation issue existed in the handling of name constraints. This issue was addressed with improved trust evaluation of certificates.", 
        "update": "November 16, 2018", 
        "module": "Security", 
        "id": "CVE-2018-4086", 
        "credit": "Ian Haken of Netflix", 
        "page": "https://support.apple.com/en-us/HT208464"
    }, 
    {
        "impact": "Multiple issues in curl", 
        "available": "macOS High Sierra 10.13.2", 
        "description": "An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking.", 
        "update": "November 16, 2018", 
        "module": "curl", 
        "id": "CVE-2017-8817", 
        "credit": "found by OSS-Fuzz", 
        "page": "https://support.apple.com/en-us/HT208465"
    }, 
    {
        "impact": "", 
        "available": "macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6", 
        "description": "Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.", 
        "update": "January 30, 2018", 
        "module": "EFI", 
        "id": "CVE-2017-5705", 
        "credit": "Mark Ermolov and Maxim Goryachy from Positive Technologies", 
        "page": "https://support.apple.com/en-us/HT208465"
    }, 
    {
        "impact": "", 
        "available": "macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6", 
        "description": "Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.", 
        "update": "January 30, 2018", 
        "module": "EFI", 
        "id": "CVE-2017-5708", 
        "credit": "Mark Ermolov and Maxim Goryachy from Positive Technologies", 
        "page": "https://support.apple.com/en-us/HT208465"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6", 
        "description": "A memory corruption issue was addressed with improved memory handling.", 
        "update": "", 
        "module": "IOHIDFamily", 
        "id": "CVE-2018-4098", 
        "credit": "Siguza", 
        "page": "https://support.apple.com/en-us/HT208465"
    }, 
    {
        "impact": "An application may be able to read kernel memory (Meltdown)", 
        "available": "macOS Sierra 10.12.6, OS X El Capitan 10.11.6", 
        "description": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2017-5754", 
        "credit": "Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)", 
        "page": "https://support.apple.com/en-us/HT208465"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.2, macOS Sierra 10.12.6", 
        "description": "A logic issue was addressed with improved validation.", 
        "update": "", 
        "module": "Kernel", 
        "id": "CVE-2018-4097", 
        "credit": "Resecurity, Inc.", 
        "page": "https://support.apple.com/en-us/HT208465"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS High Sierra 10.13.2", 
        "description": "An out-of-bounds read was addressed with improved input validation.", 
        "update": "May 2, 2018, updated November 16, 2018", 
        "module": "Kernel", 
        "id": "CVE-2018-4169", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/en-us/HT208465"
    }, 
    {
        "impact": "A sandboxed process may be able to circumvent sandbox restrictions", 
        "available": "macOS High Sierra 10.13.2", 
        "description": "An access issue was addressed with additional sandbox restrictions.", 
        "update": "November 16, 2018", 
        "module": "Sandbox", 
        "id": "CVE-2018-4091", 
        "credit": "Alex Gaynor of Mozilla", 
        "page": "https://support.apple.com/en-us/HT208465"
    }, 
    {
        "impact": "An attacker may be able to bypass administrator authentication without supplying the administrator\u2019s password", 
        "available": "macOS High Sierra 10.13.2", 
        "description": "A logic error existed in the validation of credentials. This was addressed with improved credential validation.", 
        "update": "June 21, 2018", 
        "module": "Security", 
        "id": "CVE-2017-13889", 
        "credit": "Glenn G. Bruckno, P.E. of Automation Engineering, James Barnes, Kevin Manca of Computer Engineering Politecnico di Milano, Rene Malenfant of University of New Brunswick", 
        "page": "https://support.apple.com/en-us/HT208465"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "macOS High Sierra 10.13.2, macOS Sierra 10.12.6", 
        "description": "A memory corruption issue was addressed with improved state management.", 
        "update": "February 9, 2018", 
        "module": "Touch Bar Support", 
        "id": "CVE-2018-4083", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/en-us/HT208465"
    }, 
    {
        "impact": "An application may be able to read restricted memory", 
        "available": "macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6", 
        "description": "A validation issue was addressed with improved input sanitization.", 
        "update": "", 
        "module": "Wi-Fi", 
        "id": "CVE-2018-4084", 
        "credit": "Hyung Sup Lee of Minionz, You Chan Lee of Hanyang University", 
        "page": "https://support.apple.com/en-us/HT208465"
    }, 
    {
        "impact": "", 
        "available": "macOS High Sierra 10.13.2", 
        "description": "macOS High Sierra 10.13.2 Supplemental Update includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715).", 
        "update": "", 
        "module": "CPU", 
        "id": "CVE-2017-5753", 
        "credit": "Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61 for their assistance.", 
        "page": "https://support.apple.com/en-us/HT208397"
    }, 
    {
        "impact": "", 
        "available": "macOS High Sierra 10.13.2", 
        "description": "macOS High Sierra 10.13.2 Supplemental Update includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715).", 
        "update": "", 
        "module": "CPU", 
        "id": "CVE-2017-5715", 
        "credit": "Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61 for their assistance.", 
        "page": "https://support.apple.com/en-us/HT208397"
    }
]