Apple macOS up to 10.14.0 Application access control

Summaryinfo

A vulnerability identified as critical has been detected in Apple macOS up to 10.14.0. This impacts an unknown function of the component Application Handler. This manipulation causes access control. This vulnerability is handled as CVE-2018-4468. It is possible to launch the attack on the local host. There is not any exploit available. You should upgrade the affected component.

Detailsinfo

A vulnerability classified as critical was found in Apple macOS up to 10.14.0 (Operating System). Affected by this vulnerability is some unknown functionality of the component Application Handler. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was released 10/28/2020 as HT209193. It is possible to read the advisory at support.apple.com. This vulnerability is known as CVE-2018-4468. The exploitation appears to be easy. Attacking locally is a requirement. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.

Upgrading to version 10.14.1 eliminates this vulnerability.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Apple

Name

• macOS

Version

• 10.0
• 10.1
• 10.2
• 10.3
• 10.4
• 10.5
• 10.6
• 10.7
• 10.8
• 10.9
• 10.10
• 10.11
• 10.12
• 10.13
• 10.14.0

License

• commercial

Website

• Vendor: https://www.apple.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion