An issue exists in certain Apple products. iOS prior to 11.3.1 is affected. macOS prior to 10.13.4 Security Update 2018-001 is affected. tvOS prior to 11.4 is affected. watchOS prior to 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple iphone os |
||
apple apple tv |
||
apple mac os x |
||
apple watchos |
Cook's Cupertino crew corrects coding cockups It's 2018 and your Macs, iPhones can be pwned by playing evil music
Apple has issued a trio of updates to patch security vulnerabilities in Safari, macOS, and iOS. For iOS, the update to 11.3.1 addresses a total of four CVE-listed vulnerabilities, including one that is present in the debugging tool used across both iOS and the macOS. That vulnerability, CVE-2018-4206, was spotted in Crash Reporter by researcher Ian Beer of Google's Project Zero. According to Apple, a vulnerability in Crash Reporter's error handling would have allowed an application to trigger a ...