Vulnerability CVE-2018-4157


Published: 2018-04-03

Description:
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

Type:

CWE-362

Vendor: Apple
Product: Iphone os 
Version:
9.3.5
9.3.4
9.3.3
9.3.2
9.3.1
9.3
9.2.1
9.2
9.1
9.0.2
9.0.1
9.0
8.4.1
8.3
8.2
8.1.3
8.1.2
8.1
8.0.2
8.0.1
8.0
7.1.2
7.1.1
7.1
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0
6.1.6
6.1.5
6.1.4
6.1.3
6.1.2
6.1
6.0.2
6.0.1
6.0
5.1.1
5.1
5.0.1
5.0
4.3.5
4.3.3
4.3.2
See more versions on NVD
Product: TVOS 
Version:
9.2.2
9.2.1
9.2
9.1.1
9.1
9.0.1
9.0
7.1
7.0.3
7.0.1
7.0
6.2.1
6.2
6.1.2
6.1.1
6.1
6.0.2
6.0.1
6.0
5.2.0
5.1.1
5.1.0
5.0.2
5.0.1
5.0.0
4.4.4
4.4.3
4.4.2
4.4.0
See more versions on NVD
Product: Apple tv 
Version:
9.1.1
9.0.1
7.1
7.0.3
7.0.1
7.0
6.2.1
6.2
6.1.2
6.1.1
6.1
6.0.2
6.0.1
6.0
5.2.0
5.1.1
5.1.0
5.0.2
5.0.1
5.0.0
4.4.4
4.4.3
4.4.2
4.4.0
See more versions on NVD

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.6/10
10/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securitytracker.com/id/1040604
http://www.securitytracker.com/id/1040608
https://support.apple.com/HT208692
https://support.apple.com/HT208693
https://support.apple.com/HT208696
https://support.apple.com/HT208698

Related CVE
CVE-2018-4470
A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.
CVE-2018-4465
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4464
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
CVE-2018-4463
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
CVE-2018-4462
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.
CVE-2018-4461
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4460
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4456
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14.

Copyright 2019, cxsecurity.com

 

Back to Top