A vulnerability was found in Apple macOS up to 10.13.3 (Operating System) and classified as critical. This issue affects an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.

The bug was discovered 01/23/2018. The weakness was released 01/23/2018 as HT208462 (Website). The advisory is shared at support.apple.com. The identification of this vulnerability is CVE-2018-4189 since 01/02/2018. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available.

Applying the patch Security Update 2018-001 is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Entries connected to this vulnerability are available at 112574, 112578, 112579 and 112580.

Productinfo

Type

• Operating System

Vendor

• Apple

Name

• macOS

Version

• 10.13.0
• 10.13.1
• 10.13.2
• 10.13.3

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion