CVE-2018-4248

Published: 03/04/2019 Updated: 04/04/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone os
apple watchos
apple mac os x
apple tvos

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10136, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Availa ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10136, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan are now available and address the following: AMD Available for: macOS High Sierra 1 ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-1 iOS 1141 iOS 1141 is now available and addresses the following: CFNetwork Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improv ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10136, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Availabl ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-3 tvOS 1141 tvOS 1141 is now available and addresses the following: CFNetwork Available for: Apple TV 4K and Apple TV (4th generation) Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks CVE-2018-4293: a ...

CVE-2018-4248: Out-of-bounds read in libxpc during string serialization.

xpc-string-leak xpc-string-leak is a proof-of-concept exploit for an out-of-bounds memory read in libxpc This exploit uses the vulnerability to read out-of-bounds heap memory from diagnosticd, an unsandboxed root process with the task_for_pid-allow entitlement The vulnerability: CVE-2018-4248 On macOS 10135 and iOS 114, the function _xpc_string_deserialize does not verify

CWE-125 https://support.apple.com/kb/HT208938 https://support.apple.com/kb/HT208937 https://support.apple.com/kb/HT208936 https://support.apple.com/kb/HT208935 https://nvd.nist.gov https://github.com/bazad/xpc-string-leak http://seclists.org/fulldisclosure/2018/Nov/20

CVE-2018-4248

Vulnerability Summary

Vulnerability Trend

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect