CVE-2018-4243

Published: 08/06/2018 Updated: 17/07/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 937
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in certain Apple products. iOS prior to 11.4 is affected. macOS prior to 10.13.5 is affected. tvOS prior to 11.4 is affected. watchOS prior to 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows malicious users to execute arbitrary code in a privileged context via a crafted app.

Vulnerable Products

apple iphone os

apple apple tv

apple mac os x

apple watchos

Exploits

/* getvolattrlist takes a user controlled bufferSize argument via the fgetattrlist syscall When allocating a kernel buffer to serialize the attr list to there's the following comment: /* * Allocate a target buffer for attribute results * Note that since we won't ever copy out more than the caller requested, * we never need to allocat ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-0 ...

Github Repositories

JailbreakMe. Huge Note: This is very unstable and this only works on iPhone 8 (iOS 11.3.1). Notes: This exploit obtains tfp0 from the WebContent sandbox (i.e. from a website), via two known bugs: CVE-2018-4233 (discovered by saelo, reported via ZDI, exploit by niklasb) and CVE-2018-4243 (empty_list exploit by Ian Beer), both fixed in 11.4. See pwn_i8.js for details. I have no pl

Jailbreak For iOS 11.2-11.3 Safari

!!! NOT USEFUL FOR END USERS !!! THIS IS ONLY INTERESTING FOR DEVELOPERS, EXPECT NO SUPPORT IN ANY SHAPE OR FORM! This exploit obtains tfp0 from the WebContent sandbox (i.e. from a website), via two known bugs: CVE-2018-4233 (discovered by saelo, reported via ZDI, exploit by niklasb) and CVE-2018-4243 (empty_list exploit by Ian Beer), both fixed in 11.4. See pwn_i8.js for detai

This is a *mirror* of a POC Safari exploit for iOS 11.3.1 that runs empty_list to achieve tfp0. This POC is by niklasb.

!!! NOT USEFUL FOR END USERS !!! THIS IS ONLY INTERESTING FOR DEVELOPERS, EXPECT NO SUPPORT IN ANY SHAPE OR FORM! This exploit obtains tfp0 from the WebContent sandbox (i.e. from a website), via two known bugs, CVE-2018-4233 and CVE-2018-4243. See pwn_i8.js for details. I have no plans to work on this more. Stage 2 is closed source for now so people don't write malware, bu