Arbitrary Code Execution and Memory Corruption in Apple iOS, tvOS, and watchOS
CVE-2018-4109

7.8HIGH

Key Information:

Vendor
Apple
Status
iPhone OS
Apple Tv
Watch OS
Vendor
CVE Published:
3 April 2018

Summary

A vulnerability exists in various Apple products, affecting iOS, tvOS, and watchOS prior to their respective version updates. This vulnerability arises from an issue within the Graphics Driver component, which could enable attackers to execute arbitrary code in a privileged context. Additionally, the flaw can lead to memory corruption, potentially resulting in a denial of service when a specially crafted application is run on affected devices. It is crucial for users to keep their systems updated to mitigate these risks.

References

https://support.apple.com/HT208462
x_refsource_CONFIRM
https://support.apple.com/HT208464
x_refsource_CONFIRM
https://support.apple.com/HT208463
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-4109 : Arbitrary Code Execution and Memory Corruption in Apple iOS, tvOS, and watchOS | SecurityVulnerability.io