Arbitrary Code Execution Vulnerability in Apple Kernel Component of Affected iOS and macOS Products
CVE-2018-4249

7.8HIGH

Key Information:

Vendor: Apple
Status: Mac Os X; iPhone OS; Apple Tv; Watch OS
Vendor: CVE Published:; 8 June 2018

Summary

An issue exists in the Apple kernel component due to insufficient validation in the pktmnglr_ipfilter_input function. This vulnerability can be exploited by crafted applications, enabling attackers to execute arbitrary code in a privileged context or trigger a denial of service through integer overflow and stack-based buffer overflow conditions. The flaw impacts several Apple operating systems, highlighting the importance of timely updates to maintain device security.

References

https://support.apple.com/HT208850

https://support.apple.com/HT208851

http://www.securitytracker.com/id/1041027

vdb-entry

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 8, 2018
Vulnerability Reserved
Jan 2, 2018