Race Condition Vulnerability in Apple's Kernel Component
CVE-2018-4092

4.7MEDIUM

Key Information:

Vendor
Apple
Status
iPhone OS
Mac Os X
Apple Tv
Watch OS
Vendor
CVE Published:
3 April 2018

Summary

A vulnerability identified in the Kernel component of several Apple operating systems can allow unauthorized memory access. This race condition could enable attackers to circumvent security measures put in place to restrict memory-read access, leading to potential data exposure. Affected systems include iOS, macOS, tvOS, and watchOS prior to their respective security updates. Users are advised to update to the latest software versions to mitigate any risk associated with this issue.

References

https://support.apple.com/HT208462
x_refsource_CONFIRM
https://support.apple.com/HT208465
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040265
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.