AppleがmacOS 10.13.4 High SierraのSecurity Update 2018-001で悪意のあるアプリがカーネル権限を取得できる脆弱性「CVE-2018-8897」を修正したと発表しています。詳細は以下から。
Appleは現地時間2018年05月08日、04月24日にリリースしたmacOS 10.13.4 High Sierra向けの「セキュリティアップデート 2018-001」の詳細をアップデートし、同アップデートで悪意のあるアプリがカーネル権限を取得し、任意のコードを実行できる脆弱性「CVE-2018-8897」を修正したと発表しています。
Kernel
- Available for: macOS High Sierra 10.13.4
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: In some circumstances, some operating systems may not expect or properly handle an Intel architecture debug exception after certain instructions. The issue appears to be from an undocumented side effect of the instructions. An attacker might utilize this exception handling to gain access to Ring 0 and access sensitive memory or control operating system processes.
- CVE-2018-8897: Andy Lutomirski, Nick Peterson (linkedin.com/in/everdox) of Everdox Tech LLC
About the security content of Security Update 2018-001 – Apple Support
脆弱性「CVE-2018-8897」にはEverdox Tech LLCのAndy Lutomirski, Nick Petersonさんらがクレジットされており、この脆弱性は「Intel 64 and IA-32 Architectures SDM」のステートメント処理がほとんどのOSで誤って処理されてていたことが原因で、影響範囲が広いようなのでまだアップデートを行っていない方は時間を見つけてアップデートすることをお勧めします。
Red Hat Product Security is currently responding to Important POP SS kernel and KVM flaws. For more details on CVE-2018-8897 & CVE-2018-1087, see https://t.co/1Q1SWZ9TOA
— Red Hat Security (@RedHatSecurity) 2018年5月8日
Hugo kudos to @0xNemi for discovering a huge cross-OS vulnerability in Intel and AMD processor architecture that leads to privilege escalation with a simple “pop SS”. This is way bigger than meltdown IMO 😉 https://t.co/5qFTu3OFe6
— Alex Ionescu (@aionescu) 2018年5月8日
cve-2018-8897 whitepaperhttps://t.co/g3E7TEHDCo
— nick (@nickeverdox) 2018年5月8日
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer’s Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in some Xen configurations or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3).
NVD – CVE-2018-8897
- About the security content of Security Update 2018-001 – Apple Support
- CVE-2018-8897 | Windows Kernel Elevation of Privilege Vulnerability – Microsoft
- Linux Kernel 等の脆弱性(CVE-2018-8897, CVE-2018-1087) – サイオスOSS
- Xen Security Advisory 260 (CVE-2018-8897) – x86: mishandling of debug exceptions – OSS-Sec
コメント