CVSSv2: 6.5

CVE-2018-4407

Published: 03/04/2019 Updated: 05/04/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 594
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

Affected Products

Vendor   Product     Versions
Apple    Iphone Os   1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 2.0, 2.0.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.2, 2.2.1, 3.0, 3.0.1, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.2, 3.2.1, 3.2.2, 4.0, 4.0.1, 4.0.2, 4.1, 4.2.1, 4.2.5, 4.2.8, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.5, 5.0, 5.0.1, 5.1, 5.1.1, 6.0, 6.0.1, 6.0.2, 6.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.1, 7.1.1, 7.1.2, 8.0, 8.0.1, 8.0.2, 8.1, 8.1.2, 8.1.3, 8.2, 8.3, 8.4.1, 9.0, 9.0.1, 9.0.2, 9.1, 9.2, 9.2.1, 9.3, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.3.5, 10.0, 10.0.1, 10.0.2, 10.0.3, 10.1, 10.1.1, 10.2, 10.2.1, 10.3, 10.3.1, 10.3.2, 10.3.3, 11, 11.0, 11.0.1, 11.0.2, 11.0.3, 11.1, 11.1.1, 11.1.2, 11.2, 11.2.1, 11.2.2, 11.2.5, 11.2.6, 11.3, 11.3.1, 11.4, 11.4.1
Apple    Mac Os X    -, 10.0, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.1, 10.1.0, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 10.2, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6, 10.2.7, 10.2.8, 10.3, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.3.6, 10.3.7, 10.3.8, 10.3.9, 10.4, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 10.4.7, 10.4.8, 10.4.9, 10.4.10, 10.4.11, 10.5, 10.5.0, 10.5.1, 10.5.2, 10.5.3, 10.5.4, 10.5.5, 10.5.6, 10.5.7, 10.5.8, 10.6.0, 10.6.1, 10.6.2, 10.6.3, 10.6.4, 10.6.5, 10.6.6, 10.6.7, 10.6.8, 10.7.0, 10.7.1, 10.7.2, 10.7.3, 10.7.4, 10.7.5, 10.8.0, 10.8.1, 10.8.2, 10.8.3, 10.8.4, 10.8.5, 10.9, 10.9.1, 10.9.2, 10.9.3, 10.9.4, 10.9.5, 10.10.0, 10.10.1, 10.10.2, 10.10.3, 10.10.4, 10.10.5, 10.11.0, 10.11.1, 10.11.2, 10.11.3, 10.11.4, 10.11.5, 10.11.6, 10.12, 10.12.0, 10.12.1, 10.12.2, 10.12.3, 10.12.4, 10.12.5, 10.12.6, 10.13, 10.13.0, 10.13.1, 10.13.2, 10.13.3, 10.13.4, 10.13.5, 10.13.6
Apple    Tvos        1.0.0, 1.1.0, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.4.0, 3.0.0, 3.0.1, 3.0.2, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.4.0, 4.4.2, 4.4.3, 4.4.4, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.2.0, 6.0, 6.0.1, 6.0.2, 6.1, 6.1.1, 6.1.2, 6.2, 6.2.1, 7.0, 7.0.1, 7.0.3, 7.1, 9.0, 9.0.1, 9.1, 9.1.1, 9.2, 9.2.1, 9.2.2, 10.0, 10.0.1, 10.1, 10.1.1, 10.2, 10.2.1, 10.2.2, 11, 11.0, 11.1, 11.2, 11.2.1, 11.2.6, 11.3, 11.4.1
Apple    Watchos     1.0, 1.0.1, 2.0, 2.0.1, 2.1, 2.2, 2.2.0, 2.2.1, 2.2.2, 3.0, 3.1, 3.1.1, 3.1.3, 3.2, 3.2.2, 3.2.3, 4, 4.0, 4.0.1, 4.1, 4.2.3, 4.3, 4.3.1, 4.3.2

Vendor Advisories

About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see the Apple Product Security page. You can encrypt ...

Mailing Lists

APPLE-SA-2018-10-30-10: Additional information for APPLE-SA-2018-9-24-5 watchOS 5. watchOS 5 addresses the following: CFNetwork. Available for: Apple Watch Series 1 and later. Impact: An application may be able to execute arbitrary code with system privileges. Description: A memory corruption issue was ...
APPLE-SA-2018-10-30-11: Additional information for APPLE-SA-2018-9-24-6 tvOS 12. tvOS 12 addresses the following: Auto Unlock. Available for: Apple TV 4K and Apple TV (4th generation). Impact: A malicious application may be able to access local users' Apple IDs. Description: A validation issue existed in ...
APPLE-SA-2018-10-30-9: Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14. macOS Mojave 10.14 addresses the following: Bluetooth. Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012), iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac (Retina 5K, 27-inch, L ...
APPLE-SA-2018-10-30-8: Additional information for APPLE-SA-2018-9-24-4 iOS 12. iOS 12 addresses the following: Accounts. Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. Impact: A local app may be able to read a persistent account identifier. Description: This issue ...
APPLE-SA-2018-10-30-2: macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra. macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver. Available for: macOS Sierra 10.12 ...

Github Repositories

CVE-2018-4407 iOS Attack Exploit: CVE-2018-4407 is a Simple and Very Fast BOF attack against iOS/Mac that can lead to DoS. The vulnerability is a heap buffer overflow in the networking code in the XNU operating system kernel. XNU is used by both iOS and macOS, which is why iPhones, iPads, and MacBooks are all affected. Test Environment: macOS High Sierra 10.13.6, Python 3.6, iOS 11.

AppleDOS (CVE-2018-4407): Based on CVE-2018-4407 (lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407), this tweet, and this video. The bug is a heap overflow vulnerability in bad packet handling, when the OS tries to send an ICMP message containing segments from the bad packet back to the sender. This PoC will crash vulnerable Apple devices by sending bad TCP packet data containing

My NSE Scripts: CVE-2018-4407.nse - iOS/OSX buffer overflow DoS attack

CVE-2018-4407-IOS: CVE? (Common Vulnerabilities and Exposures). TL;DR: The vulnerability is a heap buffer overflow in the networking code in the XNU operating system kernel. XNU is used by both iOS and macOS, which is why iPhones, iPads, and MacBooks are all affected. My exploit PoC just overwrites the heap with garbage, which causes an immediate kernel crash and device reboot.

CVE-2018-4407 iOS/macOS kernel crash. Usage: python CVE_2018_4407.py IP/CIDR; python CVE-2018_4407.py 192.168.1.1; python CVE_2018_4407.py 192.168.1.0/24. Find iPhone: nmap -sS -p 62078 --open 192.168.1.0/24. Attack: python CVE_2018_4407.py iphone_ip

node-cve-2018-4407: Node.js PoC exploit code for CVE-2018-4407. Author: Sam Decrock. This script is based on the scapy script provided by Zuk: iOS 12 / OS X *Remote Kernel Heap Overflow (CVE-2018-4407) POC* in a tweet: pip install scapy; sudo scapy; send(IP(dst="Target IP",options=[IPOption("A"*8)])/TCP(dport=2323,options=[(19, "1"*18),(19, "2

CVE-2018-4407 reproduction: This is a simple reproduction of CVE-2018-4407, which allows you to crash macOS and iOS devices with OSes from before late 2018. To use the program, replace sourceStr and destStr in send_badopt.go with your IP address and the victim's IP address, respectively. After running send_badopt.go for a few seconds, the victim's machine should crash.

Principle: The principle is to make the other fields of the "icmp" packet invalid; the macOS or iPhone kernel does not implement a size check when parsing it, which causes a crash. Devices: Apple iOS 11 and earlier: all devices. Apple macOS High Sierra (highest affected version 10.13.6): all devices. Apple macOS Sierra (highest affected version 10.12.6): all devices. Apple OS X El Capitan and earlier

BadBunny Automatic implementation of CVE-2018-4407

CVE-2018-4407: CVE-2018-4407 is a buffer overflow vulnerability in the XNU kernel's ICMP error code. It causes iOS devices to crash (both laptops and mobiles) upon receipt of one (yes, 1!) single bad packet. The bug was originally disclosed by Kevin Backhouse on his lgtm blog post on October 30th 2018. The code in this repo is a proof of concept of the CVE-2018-4407 exploi

Apple-ICMP-Buffer-Overflow-Automation-PoC. Usage: python CVE-2018-4407.py a Router IP; python CVE-2018-4407.py b Router IP; python CVE-2018-4407.py c; python CVE-2018-4407.py d Target IP. Modes: a = Single Packet; b = Multiple Packets (Better Possibility); c = All possible IPs, currently limited to 192.168.1.1/24 (takes a long time); d = Specific IP.

Heap buffer overflow in icmp_error (CVE-2018-4407): Proof-of-concept exploit for a remotely triggerable heap buffer overflow vulnerability in iOS 11.4.1 and macOS 10.13.6. This exploit can be used to crash any vulnerable iOS or macOS device that is connected to the same network as the attacker's computer. The vulnerability can be triggered without any user interaction on th

check_icmp_dos: *iOS 12 / OS X Remote Kernel Heap Overflow (CVE-2018-4407) POC*: pip install scapy; sudo scapy; send(IP(dst="Target IP",options=[IPOption("A"*8)])/TCP(dport=2323,options=[(19, "1"*18),(19, "2"*18)])). Or use the script: python check_icmp_dos.py 127.0.0.1. This vulnerability allows an attacker who has merely joined the same Wi-Fi network to

Please do not share this link with Apple users (exploit codes can have dramatic effects). Here are implementations of exploits that make every iOS, Apple Watch and macOS version crash. Arsenal: EffectivePower, Zalgo, Honey, chaiOS, Telugu, SafariReaper, CVE-2018-4407. Not responsible for any bricked iPhones.

CVE-2018-4407 Massive IOS/MAC Attack Exploit: CVE-2018-4407 is a Simple and Very Fast BOF attack against iOS/Mac that can lead to DoS. The vulnerability is a heap buffer overflow in the networking code in the XNU operating system kernel. XNU is used by both iOS and macOS, which is why iPhones, iPads, and MacBooks are all affected. Usage: apt-get install nmap; git clone git

Apple-Remote-Crash-Tool-CVE-2018-4407: Crashes any macOS High Sierra or iOS 11 device that is on the same WiFi network. Just a small tool that uses a public 'heap buffer overflow vulnerability' (CVE-2018-4407) and makes it easier to exploit whole networks. Requirements: macOS, Python installed, Scapy installed (pip install scapy). Basics: Sends a malicious ICMP packet to t

PoC-iOS-1141: PoC iOS 11.4.1 and macOS 10.13 Kernel Vulnerability (CVE-2018-4407). If you are a developer you can test it and do a full kernel crash.

Toy-Box: A toy box to save my python3 code toys. Toys List: RFC search - RFC documents download tool; zipPwn - zip password crack tool; SDscan - sub-domain scan tool; http_options_scan - dangerous HTTP options (PUT, MOVE) detection on port 80 or 443 of the web server; CVE-2018-9995_PoC - get TBK DVR uid and pwd; CVE-2018-4407_PoC - crash iOS and OS X devices; CVE-2015

Th1s 1s a rep0 ab0ut h3cking scr1pts. shodan: calls the shodan API to count devices, e.g. weblogic: shodancount.py weblogic; calls the shodan API to search for devices, e.g. weblogic: shodansearch.py weblogic. SMBLoris: DoS attack against Windows servers via the SMB service: chmod +x run10.sh; sh run10.sh. httpscan: a simple HTTP scanning script; e.g. to scan 192.168.0.0/24: httpscan.py 192.168.0.0/24. dump_ssh_passwor

Magic: Blogs and websites. Exploits: xiaodaozhi.com/exploit/156.html (CVE-2018-8120). Code: github.com/unamer/CVE-2018-8120

Dark Splitz - Frameworksploit: This tool is continued from the Nefix, DirsPy and Xmasspy projects. Installation: Will work fine in Debian-shade operating systems, like Backbox, Ubuntu or Kali Linux. $ git clone github.com/koboi137/darksplitz; $ cd darksplitz/; $ sudo ./install.sh. Features: Extract mikrotik credential (user.dat); Password generator; Reverse IP lookup; Mac addr

on-pwning: This repository contains my solutions to some CTF challenges and a list of interesting resources about pwning stuff. Write-Ups/PoCs: 365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools | googleprojectzero.blogspot.com • fuzzing 7zip: CVE-2016-2334 HFS+ Code Execution Vulnerability | talosintelligence.com • A cache invalidation bug in Li

PoC-and-Exp-of-Vulnerabilities: Collection of vulnerability verification and exploitation code. Disclaimer: the code in this project was collected from the Internet or written by me; do not use it for illegal purposes, and any resulting legal liability has nothing to do with me. Many of the PoCs targeting Windows will be blocked by antivirus software; this is normal, so decide for yourself whether to download them. If any exp contains a backdoor, please contact me by submitting an issue. Windows

Name / Description: CVE-2015-5531 - Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. CVE-2016-1909 - Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x

Exploits: Containing Self Made Perl Reproducers / PoC Codes. This Git Repository Contains Personal Works That I Do On My free time. Donations / Support: If you want to support/help me/my projects: BTC: 1N9BgzVVT8ye3UEUXb2p7Pum7RbmEx3byz; ETC: 0x789bc32e951ccdaa5702d70fe02e21f596baa085; ETH: 0x789bc32e951ccdaa5702d70fe02e21f596baa085; LTC: LVSPDkX5Dr95cKqQnCMoLgYyzGBdtSsi3y; T

My Infosec Awesome: My curated list of awesome links, resources and tools. Articles: Cryptography, Digital Forensics and Incident Response, Exploitation, Hardening, Malware Analysis, Mobile Security, Post Exploitation, Privacy, Reverse Engineering, Tutorials, Web Application Security. Tools: Adversary Emulation, AWS Security, Binary Analysis, Cryptography, Data Exfiltration, Data Sets, Digit

Awesome CVE PoC: A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Apple Fixes Multiple macOS, iOS Bugs Including a Quirky FaceTime Vulnerability
Threatpost • Stephen Pritchard • 31 Oct 2018

UPDATE
Apple tackled a bevy of vulnerabilities across all its platforms Tuesday, including one that allowed a remote attacker to initiate a FaceTime call by exploiting a bug in some model iPhones, iPads, and iPad Air devices. The wide-ranging security fixes came on the same day Apple announced a new laptop and Mac Mini, and a new iPad Pro.
Most notable of the vulnerabilities fixed by Apple was the FaceTime vulnerability, CVE-2018-4367, found by Google Project Zero researcher Natalie ...