Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2018-4193

Published: 08/06/2018 Updated: 26/02/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 936
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Mac Os X

Vulnerability Summary

An issue exists in certain Apple products. macOS prior to 10.13.5 is affected. The issue involves the "Windows Server" component. It allows malicious users to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple mac os x

Exploits

Exploit DB: Apple macOS 10.13.5 - Local Privilege Escalation
#import <Cocoa/Cocoah> #import <dlfcnh> #import <mach-o/dyldh> #import <mach-o/getsecth> #import <mach/mach_vmh> #import <pthreadh> #import "offsetsh" //utils #define ENFORCE(a, label) \ do { \ if (__builtin_expect(!(a), 0)) \ { \ timed_log("[!] %s is false (l%d)\n", #a, ...

Mailing Lists

Full Disclosure: APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10135, Security Update 2018-0 ...

Github Repositories

https://github.com/aslrfellow/aslrfellow.github.io

Welcome to ASLR Fellow This page will target to provide sample POC to bypass ASLR and DEP using dangling pointer or memmory leak Links 6/20/19 [return_to_libc_32_64_bit]({{ siteurl }}/return_to_libc_32_64_bit) Links 6/19/19 [smash-stack-getroot-using-payload]({{ siteurl }}/smash-stack-getroot-using-payload) Links 6/16/19 [smash-stack-getroot-using-environment]({{ siteu

https://github.com/ret2/P2O_2018

PWN2OWN 2018 - Safari + Root This repo contains exploit code as used by Ret2 Systems at PWN2OWN 2018 It has been released for educational purposes, detailed by a series of blogposts These were used as zero-day exploits against macOS 10133 &amp; Safari/JSC on March 16th, 2018 Contents /jsc - JavaScriptCore Exploit &amp; PoC for CVE-2018-4192 /windowserver - WindowS

https://github.com/Synacktiv-contrib/CVE-2018-4193

exploit for CVE-2018-4193

exploit for CVE-2018-4193

https://github.com/Synacktiv/CVE-2018-4193

exploit for CVE-2018-4193

exploit for CVE-2018-4193

References

CWE-119https://support.apple.com/HT208849http://www.securitytracker.com/id/1041027https://www.exploit-db.com/exploits/46428/http://www.securityfocus.com/bid/107135https://nvd.nist.govhttps://www.exploit-db.com/exploits/46428https://github.com/Synacktiv-contrib/CVE-2018-4193
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook