CVE-2018-4206

Published: 08/06/2018 Updated: 17/07/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 685
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in certain Apple products. iOS prior to 11.3.1 is affected. macOS prior to 10.13.4 Security Update 2018-001 is affected. tvOS prior to 11.4 is affected. watchOS prior to 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.

Vulnerable Product

apple iphone os

apple apple tv

apple mac os x

apple watchos

Exploits

/* ReportCrash is the daemon responsible for making crash dumps of crashing userspace processes. Most processes can talk to ReportCrash via their exception ports (either task or host level). You would normally never send a message yourself to ReportCrash but the kernel would do it on your behalf when you crash. However using the task_get_exception ...

Recent Articles

Apple debugs debugger, nukes pesky vulns in iOS, WebKit, macOS
The Register • Shaun Nichols in San Francisco • 25 Apr 2018

Cook's Cupertino crew corrects coding cockups

Apple has issued a trio of updates to patch security vulnerabilities in Safari, macOS, and iOS. For iOS, the update to 11.3.1 addresses a total of four CVE-listed vulnerabilities, including one that is present in the debugging tool used across both iOS and the macOS. That vulnerability, CVE-2018-4206, was spotted in Crash Reporter by researcher Ian Beer of Google's Project Zero. According to Apple, a vulnerability in Crash Reporter's error handling would have allowed an application to trigger a ...