Published: 03/04/2019 Updated: 04/04/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x
apple iphone os
apple tvos
apple watchos

Full Disclosure mailing list archives   By Date By Thread </form>    APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-0 ...

Full Disclosure mailing list archives   By Date By Thread </form>    APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-004 ...

Full Disclosure mailing list archives   By Date By Thread </form>    APPLE-SA-2018-7-9-1 iOS 1141   From: Apple Product Security &lt ...

CVE-2018-4248: Out-of-bounds read in libxpc during string serialization.

xpc-string-leak xpc-string-leak is a proof-of-concept exploit for an out-of-bounds memory read in libxpc This exploit uses the vulnerability to read out-of-bounds heap memory from diagnosticd, an unsandboxed root process with the task_for_pid-allow entitlement The vulnerability: CVE-2018-4248 On macOS 10135 and iOS 114, the function _xpc_string_deserialize does not verify

CWE-125 https://support.apple.com/kb/HT208938 https://support.apple.com/kb/HT208937 https://support.apple.com/kb/HT208936 https://support.apple.com/kb/HT208935 https://nvd.nist.gov https://github.com/bazad/xpc-string-leak http://seclists.org/fulldisclosure/2018/Nov/20

CVE-2018-4248

Vulnerability Summary

Vulnerability Trend

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect