NA

CVE-2018-4420

Vulnerability Summary

Apple macOS could allow a local malicious user to gain elevated privileges on the system, caused by a memory corruption error in the Kernel component. By using a specially-crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

Vulnerability Trend

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-5 tvOS 121 tvOS 121 is now available and addresses the following: CoreCrypto Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-4 watchOS 51 watchOS 51 is now available and addresses the following: AppleAVD Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation C ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-5 tvOS 121 tvOS 121 is now available and addresses the following: CoreCrypto Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 121 iOS 121 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: A memory corruption ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-4 watchOS 51 watchOS 51 is now available and addresses the following: AppleAVD Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation C ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-1 iOS 121 iOS 121 is now available and addresses the following: AppleAVD Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing malicious video via FaceTime may lead to arbitrary code execution Description: A memory corruption ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10141, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10141, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 1012 ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10141, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10141, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 1012 ...

Github Repositories

CVE-pocs This repo contains some of my vuln research results

References