Remote Code Execution Risk in Apple Products via FontParser
CVE-2018-4211

7.8HIGH

Key Information:

Vendor
Apple
Status
Mac Os X
iPhone OS
Apple Tv
Watch OS
Vendor
CVE Published:
8 June 2018

Summary

An issue in the FontParser component of various Apple products can be exploited by remote attackers using specially crafted font files. This vulnerability can lead to the execution of arbitrary code, causing memory corruption or resulting in application crashes. Affected platforms include iOS versions prior to 11.4, macOS versions before 10.13.5, tvOS versions before 11.4, and watchOS versions earlier than 4.3.1. Users are advised to update their systems to mitigate these risks.

References

https://support.apple.com/HT208850
x_refsource_CONFIRM
https://support.apple.com/HT208851
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041027
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.