Arbitrary Code Execution Vulnerability in Apple iOS, macOS, tvOS, and watchOS Products
CVE-2018-4082

7.8HIGH

Key Information:

Vendor
Apple
Status
iPhone OS
Mac Os X
Apple Tv
Watch OS
Vendor
CVE Published:
3 April 2018

Summary

An issue identified in various Apple operating systems, including iOS, macOS, tvOS, and watchOS, allows attackers to execute arbitrary code with elevated privileges or potentially lead to a denial of service through memory corruption. This vulnerability is linked to the Kernel component and can be exploited via specially crafted applications. Users are advised to update to the latest versions to mitigate risks associated with this security flaw.

References

https://support.apple.com/HT208462
x_refsource_CONFIRM
https://support.apple.com/HT208465
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040265
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.