Remote Code Execution Risk in Apple Products via FontParser
CVE-2018-4211

7.8HIGH

Key Information:

Vendor

Apple
Status
Mac Os X
iPhone OS
Apple Tv
Watch OS
Vendor
CVE Published:
8 June 2018

What is CVE-2018-4211?

An issue in the FontParser component of various Apple products can be exploited by remote attackers using specially crafted font files. This vulnerability can lead to the execution of arbitrary code, causing memory corruption or resulting in application crashes. Affected platforms include iOS versions prior to 11.4, macOS versions before 10.13.5, tvOS versions before 11.4, and watchOS versions earlier than 4.3.1. Users are advised to update their systems to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://support.apple.com/HT208850
x_refsource_CONFIRM
https://support.apple.com/HT208851
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041027
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.