Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.1
CVSSv2

CVE-2018-4251

Published: 08/06/2018 Updated: 03/10/2019
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:N/I:C/A:N
Subscribe to Apple

Vulnerability Summary

An issue exists in certain Apple products. macOS prior to 10.13.5 is affected. The issue involves the "Firmware" component. It allows malicious users to modify the EFI flash-memory region that a crafted app that has root access.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple mac os x

Mailing Lists

Full Disclosure: Repeat of CVE-2018-4251 in Razer Laptops
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Repeat of CVE-2018-4251 in Razer Laptops <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Bailey Fox &lt;b ...
Full Disclosure: APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10135, Security Update 2018-0 ...

Github Repositories

https://github.com/ptresearch/mmdetect

Intel ME Manufacturing Mode Detection Tools

Intel ME Manufacturing Mode Detection Tools This repository contains Python 27 scripts for checking the state of the Intel ME Manufacturing Mode Manufacturing Mode Intel ME has a Manufacturing Mode designed to be used exclusively by motherboard manufacturers This mode provides some additional opportunities that an attacker can take advantage of When Manufacturing Mode is en

Recent Articles

Razer – perfectly happy to sell you a laptop for over $2,000, but when it comes to fixing security holes... tough sh*t
The Register • Shaun Nichols in San Francisco • 03 Apr 2019

Slack motherboard firmware controls leave machines open to deep-rooted malware

Updated Gaming PC specialist Razer has been singled out for leaving its motherboards vulnerable to a well-known and critical firmware vulnerability. Infosec bod Bailey Fox said Razer's Intel notebook models are still vulnerable to CVE-2018-4251, a security screw-up that potentially allows malware with administrative rights to alter the system's firmware, thus allowing it to burrow deep into the PC and survive reboots and hard drive wipes. The issue has been known about since last year, and has b...

Read more...
Apple forgot to lock Intel Management Engine in laptops, so get patching
The Register • Thomas Claburn in San Francisco • 03 Oct 2018

Chipzilla's security through obscurity withers under scrutiny Intel Management Engine JTAG flaw proof-of-concept published

In its ongoing exploration of Intel's Management Engine (ME), security biz Positive Technologies has reaffirmed the shortsightedness of security through obscurity and underscored the value of open source silicon. The Intel ME, included on most Intel chipsets since 2008, is controversial because it expands the attack surface of Intel-based hardware. If compromised, it becomes side-channel threat to the main processor. The Electronic Frontier Foundation last year called it a security hazard and as...

Read more...

References

CWE-732https://support.apple.com/HT208849http://www.securitytracker.com/id/1041027http://seclists.org/fulldisclosure/2019/Mar/45https://nvd.nist.govhttps://github.com/ptresearch/mmdetecthttps://www.theregister.co.uk/2018/10/03/intel_management_engine_hole/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook