Feb 27, 2019 - 6:10 p.m.

Security Bulletin: Kernel Buffer Overflow in IBM Security Trusteer Rapport for MacOS (CVE-2018-1985)

2019-02-27 18:10:01
www.ibm.com

EPSS: 0 (Percentile: 12.6%)

Summary

IBM Security Trusteer Rapport for MacOS is bundled with a driver which has a buffer overflow vulnerability. The affected driver was removed from the package.

Vulnerability Details

  • CVEID: CVE-2018-1985
    DESCRIPTION: IBM Trusteer Rapport/Apex contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that could result in a kernel panic or arbitrary code execution.
    CVSS Base Score: 4.4
    CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154207> for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Security Rapport for MacOS, versions below 3.6.1908.26.

Remediation/Fixes

IBM Security Rapport for MacOS version 3.6.1908.26 and higher does not include the vulnerable driver. IBM pushed the new version of Rapport to end users, which addresses this vulnerability and includes other updates, by January 6, 2019. As with any updates to the Rapport agent, we recommend that customers continue to reinforce messaging that their end users reboot their machines to incorporate the upgrade.

Workarounds and Mitigations

None.
