CVE-2018-4237

Published: 08/06/2018 Updated: 03/10/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An issue exists in certain Apple products. iOS prior to 11.4 is affected. macOS prior to 10.13.5 is affected. tvOS prior to 11.4 is affected. watchOS prior to 4.3.1 is affected. The issue involves the "libxpc" component. It allows malicious users to gain privileges via a crafted app that leverages a logic error.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone os
apple mac os x
apple watchos
apple tvos

This Metasploit module exploits a vulnerability in libxpc on macOS versions 10133 and below The task_set_special_port API allows callers to overwrite their bootstrap port, which is used to communicate with launchd This port is inherited across forks: child processes will use the same bootstrap port as the parent By overwriting the bootstrap po ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 114 iOS 114 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer ov ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10135, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan macOS High Sierra 10135, Security Update 2018-003 Sierra, and Security Update 2018-003 El Capitan address the following: Accessibil ...

Introduction to macOS - Mach Ports In previous blogposts, we discussed several security mechanisms of macOS: We discussed how Entitlements effectively create another security layer We mentioned SIP and how it seperates the system from the root user We discussed the macOS App Sandbox and how it can enforce policies on processes We mentioned Gatekeeper and the Quarantine Exte

NVD-CWE-noinfo https://support.apple.com/HT208851 https://support.apple.com/HT208850 https://support.apple.com/HT208849 https://support.apple.com/HT208848 http://www.securitytracker.com/id/1041027 https://www.exploit-db.com/exploits/45916/https://nvd.nist.gov https://github.com/yo-yo-yo-jbo/macos_mach_ports https://packetstormsecurity.com/files/150488/Mac-OS-X-libxpc-MITM-Privilege-Escalation.html

CVE-2018-4237

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect