Null Pointer Dereference in Apple Products Affecting macOS and iOS
CVE-2018-4302

7.8HIGH

Key Information:

Vendor

Apple
Status
iOS
Watch OS
Itunes For Windows
Icloud For Windows
Vendor
CVE Published:
23 December 2021

What is CVE-2018-4302?

This vulnerability is characterized by a null pointer dereference, which can occur when processing specially crafted XML files. If exploited, it may lead to unexpected termination of applications or allow for arbitrary code execution on affected devices. Apple has released updates to address this issue in several products, enhancing validation mechanisms to prevent potential exploitation. Users of macOS High Sierra, iOS, and other related platforms should ensure they are running the latest versions to safeguard their systems.

Affected Version(s)

iCloud for Windows < 7.0

iOS < 11

iTunes for Windows < 12.7

References

https://support.apple.com/en-us/HT208144
x_refsource_MISC
https://support.apple.com/en-us/HT208112
x_refsource_MISC
https://support.apple.com/en-us/HT208115
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.