CVE-2018-7704 A remote code execution vulnerability exists in the way the OS X App Suite Java SDK handles XML input. An attacker can send specially crafted XML data to the affected system, which can result in remote code execution. This update addresses the CVE to ensure that the OS X App Suite Java SDK no longer allows XML data to be accepted from remote sources.

CVE-2018-7703 A remote code execution vulnerability exists in the way the OS X App Suite Java SDK handles deserialized data. An attacker can send specially crafted data to the affected system, which can result in remote code execution. This update addresses the CVE to ensure that the OS X App Suite Java SDK no longer deserializes data from remote sources.

CVE-2018-7702 A remote code execution vulnerability exists in the way the OS X App Suite Java SDK handles deserialized data. An attacker can send specially crafted data to the affected system, which can result in remote code execution. This update addresses the CVE to ensure that the OS X App Suite Java SDK no longer deserializes data from remote sources.

CVE-2018-7701 A remote code execution vulnerability exists in the way the OS X App Suite Java SDK handles deserialized data. An attacker can send specially crafted data to the affected system, which can result in remote code execution. This update addresses the CVE to ensure that the OS X App Suite Java SDK no longer deserializes data from remote sources.

Estimations for OS X App Suite Java SDK Security Updates
The following table provides estimations for the number of users affected by these updates:

What is the Apple Software Update Service?

The Apple Software Update Service is a system service in macOS that provides automatic software updates for Apple products from the Internet. The service checks for updates on startup and downloads and installs them if they are found. It also provides a way to check whether macOS software updates are available. The service can be configured to check for update availability at a specific time of day or during one or more periods per day, such as when the computer wakes up or when it shuts down.

Software updates downloaded by the Apple Software Update Service install automatically and without user interaction, unless the user chooses to cancel the installation process before it finishes. If an update requires a restart, the user is notified before starting that restart process.

Bounds Checking

CVE-2018-7700 A remote code execution vulnerability exists in the way the OS X App Suite Java SDK handles deserialized data. An attacker can send specially crafted data to the affected system, which can result in remote code execution. This update addresses the CVE to ensure that the OS X App Suite Java SDK no longer deserializes data from remote sources.

Description of Vulnerability

The OS X App Suite Java SDK allows users to create and modify documentation that is saved as XML files. The affected system accepts XML data from remote sources, which is used to build the documentation, and creates a malformed XML file when deserialization occurs. This causes the system to crash or execute arbitrary code with the privileges of the user running the vulnerable application.

Timeline

Published on: 07/27/2022 14:15:00 UTC
Last modified on: 08/03/2022 13:53:00 UTC
