Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-4363 (GCVE-0-2018-4363)
Vulnerability from cvelistv5
Published
2019-04-03 17:43
Modified
2024-08-05 05:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An application may be able to read restricted memory
Summary
An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
References
| URL | Tags | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | iOS, tvOS, watchOS |
Version: Versions prior to: iOS 12, tvOS 12, watchOS 5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:11:22.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209108"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS, tvOS, watchOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to: iOS 12, tvOS 12, watchOS 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to read restricted memory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T17:43:16",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS, tvOS, watchOS",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12, tvOS 12, watchOS 5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to read restricted memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209107",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209107"
},
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209106"
},
{
"name": "https://support.apple.com/kb/HT209108",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2018-4363",
"datePublished": "2019-04-03T17:43:16",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:11:22.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-4363\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-04-03T18:29:10.610\",\"lastModified\":\"2024-11-21T04:07:16.197\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.\"},{\"lang\":\"es\",\"value\":\"Exist\u00eda un problema de validaci\u00f3n de entradas en el kernel. Este problema se abord\u00f3 con una validaci\u00f3n de entradas mejorada. Este problema afectaba a iOS en versiones anteriores a la 12, tvOS en versiones anteriores a la 12 y watchOS en versiones anteriores a la 5.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:N/A:N\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.0\",\"matchCriteriaId\":\"37A59AD6-A000-48BE-A575-D1A39DCB0D88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12\",\"matchCriteriaId\":\"072DC7F5-B539-478D-B566-7F3FF2BC2671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0\",\"matchCriteriaId\":\"397E2910-7F1A-4576-B28D-E5796DE20CC8\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/kb/HT209106\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209107\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209108\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209108\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
fkie_cve-2018-4363
Vulnerability from fkie_nvd
Published
2019-04-03 18:29
Modified
2024-11-21 04:07
Severity ?
Summary
An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/kb/HT209106 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/kb/HT209107 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/kb/HT209108 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT209106 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT209107 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT209108 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37A59AD6-A000-48BE-A575-D1A39DCB0D88",
"versionEndExcluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "072DC7F5-B539-478D-B566-7F3FF2BC2671",
"versionEndExcluding": "12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "397E2910-7F1A-4576-B28D-E5796DE20CC8",
"versionEndExcluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5."
},
{
"lang": "es",
"value": "Exist\u00eda un problema de validaci\u00f3n de entradas en el kernel. Este problema se abord\u00f3 con una validaci\u00f3n de entradas mejorada. Este problema afectaba a iOS en versiones anteriores a la 12, tvOS en versiones anteriores a la 12 y watchOS en versiones anteriores a la 5."
}
],
"id": "CVE-2018-4363",
"lastModified": "2024-11-21T04:07:16.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-03T18:29:10.610",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT209107"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT209108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT209106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT209107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT209108"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2018-4363
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-4363",
"description": "An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.",
"id": "GSD-2018-4363"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-4363"
],
"details": "An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.",
"id": "GSD-2018-4363",
"modified": "2023-12-13T01:22:28.542102Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS, tvOS, watchOS",
"version": {
"version_data": [
{
"version_value": "Versions prior to: iOS 12, tvOS 12, watchOS 5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to read restricted memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209107",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209107"
},
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209106"
},
{
"name": "https://support.apple.com/kb/HT209108",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209108"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4363"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT209108",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT209108"
},
{
"name": "https://support.apple.com/kb/HT209107",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT209107"
},
{
"name": "https://support.apple.com/kb/HT209106",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT209106"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-04-05T15:04Z",
"publishedDate": "2019-04-03T18:29Z"
}
}
}
cnvd-2018-20208
Vulnerability from cnvd
Title
Apple iOS和tvOS Kernel信息泄露漏洞
Description
Apple iOS和tvOS都是美国苹果(Apple)公司的产品。Apple iOS是为移动设备所开发的一套操作系统。tvOS是一套智能电视操作系统。Kernel是其中的一个内核组件。
Apple iOS 12之前版本和tvOS 12之前版本中的Kernel组件存在安全漏洞。攻击者可利用该漏洞读取被限制的内存。
Severity
中
VLAI Severity ?
Patch Name
Apple iOS和tvOS Kernel信息泄露漏洞的补丁
Patch Description
Apple iOS和tvOS都是美国苹果(Apple)公司的产品。Apple iOS是为移动设备所开发的一套操作系统。tvOS是一套智能电视操作系统。Kernel是其中的一个内核组件。
Apple iOS 12之前版本和tvOS 12之前版本中的Kernel组件存在安全漏洞。攻击者可利用该漏洞读取被限制的内存。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://support.apple.com/en-us/HT209106
Reference
https://support.apple.com/en-us/HT209106
Impacted products
| Name | ['Apple iOS <12', 'Apple tvOS <12'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-4363"
}
},
"description": "Apple iOS\u548ctvOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Kernel\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5185\u6838\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 12\u4e4b\u524d\u7248\u672c\u548ctvOS 12\u4e4b\u524d\u7248\u672c\u4e2d\u7684Kernel\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u88ab\u9650\u5236\u7684\u5185\u5b58\u3002",
"discovererName": "Ian Beer of Google Project Zero",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/en-us/HT209106",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-20208",
"openTime": "2018-09-29",
"patchDescription": "Apple iOS\u548ctvOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Kernel\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5185\u6838\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 12\u4e4b\u524d\u7248\u672c\u548ctvOS 12\u4e4b\u524d\u7248\u672c\u4e2d\u7684Kernel\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u88ab\u9650\u5236\u7684\u5185\u5b58\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple iOS\u548ctvOS Kernel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Apple iOS \u003c12",
"Apple tvOS \u003c12"
]
},
"referenceLink": "https://support.apple.com/en-us/HT209106",
"serverity": "\u4e2d",
"submitTime": "2018-09-18",
"title": "Apple iOS\u548ctvOS Kernel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
CERTFR-2018-AVI-443
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Support pour iOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-4322",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4322"
},
{
"name": "CVE-2018-4363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4363"
},
{
"name": "CVE-2018-4325",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4325"
},
{
"name": "CVE-2018-4329",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4329"
},
{
"name": "CVE-2018-4352",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4352"
},
{
"name": "CVE-2018-4195",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4195"
},
{
"name": "CVE-2018-4307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4307"
},
{
"name": "CVE-2018-4313",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4313"
},
{
"name": "CVE-2018-4397",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4397"
},
{
"name": "CVE-2018-4357",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4357"
},
{
"name": "CVE-2018-4305",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4305"
},
{
"name": "CVE-2018-4335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4335"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2018-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4330"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2018-4338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4338"
},
{
"name": "CVE-2018-4362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4362"
},
{
"name": "CVE-2018-4356",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4356"
}
],
"initial_release_date": "2018-09-18T00:00:00",
"last_revision_date": "2018-09-19T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-443",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-18T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 Apple HT209135 du 17 septembre 2018",
"revision_date": "2018-09-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209117 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209117"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209108 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209108"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209135 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209135"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209106 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209106"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209109 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209109"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209107 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209107"
}
]
}
var-201904-1477
Vulnerability from variot
An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. Both Apple iOS and tvOS are products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices. Kernel is one of the kernel components. tvOS is a smart TV operating system. An attacker can exploit this vulnerability to read restricted memory. iOS kernel stack memory disclosure due to failure to check copyin return value
CVE-2018-4363
Here's a code snippet from sleh.c with the second level exception handler for undefined instruction exceptions:
static void handle_uncategorized(arm_saved_state_t *state, boolean_t instrLen2) { exception_type_t exception = EXC_BAD_INSTRUCTION; mach_exception_data_type_t codes[2] = {EXC_ARM_UNDEFINED}; mach_msg_type_number_t numcodes = 2; uint32_t instr; <------ (a)
if (instrLen2) { uint16_t instr16; COPYIN(get_saved_state_pc(state), (char *)&instr16, sizeof(instr16));
instr = instr16;
} else { COPYIN(get_saved_state_pc(state), (char *)&instr, sizeof(instr)); <------- (b) }
....
else { codes[1] = instr; <------ (c) } }
exception_triage(exception, codes, numcodes); <-------- (d)
At (a) the uint32_t instr is declared uninitialized on the stack. At (b) the code tries to copyin the bytes of the exception-causing instruction from userspace note that the COPYIN macro doesn't itself check the return value of copyin, it just calls it. At (c) instr is assigned to codes[1], which at (d) is passed to exception_triage.
that codes array will eventually end up being sent in an exception mach message.
The bug is that we can force copyin to fail by unmapping the page containing the undefined instruction while it's being handled. (I tried to do this with XO memory but the kernel seems to be able to copyin that just fine.)
This PoC has an undefined instruction (0xdeadbeef) on its own page and spins up a thread to keep switching the protection of that page between VM_PROT_NONE and VM_PROT_READ|VM_PROT_EXECUTE.
We then keep spinning up threads which try to execute that undefined instruction.
If the race windows align the thread executes the undefined instruction but when the sleh code tries to copyin the page is unmapped, the copying fails and the exception message we get has stale stack memory.
This PoC just demonstrates that you do get values which aren't 0xdeadbeef in there for the EXC_ARM_UNDEFINED type. You'd have to do a bit more fiddling to work out how to get something specific there.
Note that there are lots of other unchecked COPYIN's in sleh.c (eg when userspace tries to access a system register not allowed for EL0) and these seem to have the same issue.
tested on iPod Touch 6g running 11.3.1, but looking at the kernelcache it seems to still be there in iOS 12.
Found by: ianbeer
. CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Bluetooth Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-4329: Hugo S. CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend Micro's Zero Day Initiative
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About.
WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, and Zach Malone of CA Technologies for their assistance. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2018-10-30-10 Additional information for APPLE-SA-2018-9-24-5 watchOS 5
watchOS 5 addresses the following:
CFNetwork Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
CoreFoundation Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018
CoreFoundation Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018
CoreText Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018
Grand Central Dispatch Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Entry added October 30, 2018
Heimdal Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad CVE-2018-4332: Brandon Azad CVE-2018-4343: Brandon Azad Entry added October 30, 2018
IOHIDFamily Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero Entry added October 30, 2018
IOKit Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero Entry added October 30, 2018
IOKit Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4383: Apple Entry added October 30, 2018
IOUserEthernet Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple Entry added October 30, 2018
iTunes Store Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime
Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. CVE-2018-4399: Fabiano Anemone (@anoane) Entry added October 30, 2018
Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4337: Ian Beer of Google Project Zero CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. CVE-2018-4363: Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Entry added October 30, 2018
Safari Available for: Apple Watch Series 1 and later Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)
Security Available for: Apple Watch Series 1 and later Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Entry added October 30, 2018
Security Available for: Apple Watch Series 1 and later Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky
Symptom Framework Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
Text Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Entry added October 30, 2018
WebKit Available for: Apple Watch Series 1 and later Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4191: found by OSS-Fuzz
WebKit Available for: Apple Watch Series 1 and later Impact: Cross-origin SecurityErrors includes the accessed frame's origin Description: The issue was addressed by removing origin information. CVE-2018-4311: Erling Alf Ellingsen (@steike)
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo)
WebKit Available for: Apple Watch Series 1 and later Impact: A malicious website may cause unexepected cross-origin behavior Description: A cross-origin issue existed with "iframe" elements. CVE-2018-4319: John Pettitt of Google
WebKit Available for: Apple Watch Series 1 and later Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by OSS-Fuzz
Additional recognition
Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.
Kernel We would like to acknowledge Brandon Azad for their assistance.
Sandbox Profiles We would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.
SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.
WebKit We would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GbihAA rJrGRlOECVnj/z6kzobQ6SjqeXQanrEJKOEbP12pOEgOcqhJd/CsRIGMGxtG8cRC H60/qGsVtDXhqmGZQl2cBaMeg+bagLvSaRUC6urXqYLIKoGay7zsbQyWS4hAbyNu Gpu0k5bvb2tr3IZIfqHfUcScxpsB3zJiYejtgLow2MDbkt84qNqx73xYbOIXDJoc kfyNhb/RKqiXOi5Yvh+E84GARjUSGUFD5fMbIMu7Lf0cwGpL3XakKG8S+8L0W3/W vGsl7V8DWeH6qbVoMkLUxWGxWzCd4bUr88J0cybski3L4SvpYbDPMMKxQkyn4Rfq qSDG3RMS0MUeoGn/iwRcJ8p6gPMGjWTT+lvX0XaZzG3b/mkOw8C2jRs1Ds8vUbRB Pxn1AQvg0x+EW/HIKqrvbE6i5pLjhurHYChy9tI9AS2iSHsAnrSB8DV8mc4T4v6a zJqJO5qPPCVJ9K328l+FyXe+X5erQP4/dwol71VjweA/peSJCL34/YL3oSs9e41R ApabYVIphnq0Ion5gVNancPhgQEbkIjMncFiGRg4wF0jly2Ni+NsnDquTKEM3VvG mOlo0VVw3XxLhtiQF/RKbQSy+6dK0YGykIsmnz/DsstxS4xRiWbk75XErA/nSwPs fHAicxI2AmpI+PbdYcPI4D3eJr/1ZDH8NvY1897WX5c= =fz+z -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-1477",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (ipad air or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (iphone 5s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (ipod touch first 6 generation )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (apple tv 4k)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5 (apple watch series 1 or later )"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014918"
},
{
"db": "NVD",
"id": "CVE-2018-4363"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:watchos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014918"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "149400"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149410"
},
{
"db": "PACKETSTORM",
"id": "149409"
},
{
"db": "PACKETSTORM",
"id": "150113"
},
{
"db": "PACKETSTORM",
"id": "149515"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4363",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-4363",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-134394",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-4363",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-4363",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-4363",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-924",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-134394",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-4363",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134394"
},
{
"db": "VULMON",
"id": "CVE-2018-4363"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014918"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-924"
},
{
"db": "NVD",
"id": "CVE-2018-4363"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. Both Apple iOS and tvOS are products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices. Kernel is one of the kernel components. tvOS is a smart TV operating system. An attacker can exploit this vulnerability to read restricted memory. iOS kernel stack memory disclosure due to failure to check copyin return value \n\nCVE-2018-4363\n\n\nHere\u0027s a code snippet from sleh.c with the second level exception handler for undefined instruction exceptions:\n\n static void\n handle_uncategorized(arm_saved_state_t *state, boolean_t instrLen2)\n {\n exception_type_t exception = EXC_BAD_INSTRUCTION;\n mach_exception_data_type_t codes[2] = {EXC_ARM_UNDEFINED};\n mach_msg_type_number_t numcodes = 2;\n uint32_t instr; \u003c------ (a)\n \n if (instrLen2) {\n uint16_t instr16;\n COPYIN(get_saved_state_pc(state), (char *)\u0026instr16, sizeof(instr16));\n \n instr = instr16;\n } else {\n COPYIN(get_saved_state_pc(state), (char *)\u0026instr, sizeof(instr)); \u003c------- (b)\n }\n \n .... \n \n else {\n codes[1] = instr; \u003c------ (c)\n }\n }\n \n exception_triage(exception, codes, numcodes); \u003c-------- (d)\n \n \n At (a) the uint32_t instr is declared uninitialized on the stack. \n At (b) the code tries to copyin the bytes of the exception-causing instruction from userspace\n note that the COPYIN macro doesn\u0027t itself check the return value of copyin, it just calls it. \n At (c) instr is assigned to codes[1], which at (d) is passed to exception_triage. \n \n that codes array will eventually end up being sent in an exception mach message. \n \n The bug is that we can force copyin to fail by unmapping the page containing the undefined instruction\n while it\u0027s being handled. (I tried to do this with XO memory but the kernel seems to be able to copyin that just fine.)\n \n This PoC has an undefined instruction (0xdeadbeef) on its own page and spins up a thread to keep\n switching the protection of that page between VM_PROT_NONE and VM_PROT_READ|VM_PROT_EXECUTE. \n \n We then keep spinning up threads which try to execute that undefined instruction. \n \n If the race windows align the thread executes the undefined instruction but when the sleh code tries to copyin\n the page is unmapped, the copying fails and the exception message we get has stale stack memory. \n \n This PoC just demonstrates that you do get values which aren\u0027t 0xdeadbeef in there for the EXC_ARM_UNDEFINED type. \n You\u0027d have to do a bit more fiddling to work out how to get something specific there. \n \n Note that there are lots of other unchecked COPYIN\u0027s in sleh.c (eg when userspace tries to access a system register not allowed\n for EL0) and these seem to have the same issue. \n \n tested on iPod Touch 6g running 11.3.1, but looking at the kernelcache it seems to still be there in iOS 12. \n\n\n\nFound by: ianbeer\n\n. \nCVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. \n\nBluetooth\nAvailable for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,\niPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,\n12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,\n9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An input validation issue existed in Bluetooth. \nCVE-2018-4329: Hugo S. \nCVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend\nMicro\u0027s Zero Day Initiative\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. \n\nWebKit\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360\nVuclan team, and Zach Malone of CA Technologies for their assistance. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-10-30-10 Additional information for\nAPPLE-SA-2018-9-24-5 watchOS 5\n\nwatchOS 5 addresses the following:\n\nCFNetwork\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nCoreFoundation\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4412: The UK\u0027s National Cyber Security Centre (NCSC)\nEntry added October 30, 2018\n\nCoreFoundation\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4414: The UK\u0027s National Cyber Security Centre (NCSC)\nEntry added October 30, 2018\n\nCoreText\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2018-4347: an anonymous researcher\nEntry added October 30, 2018\n\nGrand Central Dispatch\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4426: Brandon Azad\nEntry added October 30, 2018\n\nHeimdal\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4331: Brandon Azad\nCVE-2018-4332: Brandon Azad\nCVE-2018-4343: Brandon Azad\nEntry added October 30, 2018\n\nIOHIDFamily\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation\nCVE-2018-4408: Ian Beer of Google Project Zero\nEntry added October 30, 2018\n\nIOKit\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4341: Ian Beer of Google Project Zero\nCVE-2018-4354: Ian Beer of Google Project Zero\nEntry added October 30, 2018\n\nIOKit\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2018-4383: Apple\nEntry added October 30, 2018\n\nIOUserEthernet\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4401: Apple\nEntry added October 30, 2018\n\niTunes Store\nAvailable for: Apple Watch Series 1 and later\nImpact: An attacker in a privileged network position may be able to\nspoof password prompts in the iTunes Store\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2018-4305: Jerry Decime\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: An access issue existed with privileged API calls. \nCVE-2018-4399: Fabiano Anemone (@anoane)\nEntry added October 30, 2018\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4336: Brandon Azad\nCVE-2018-4337: Ian Beer of Google Project Zero\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\nCVE-2018-4344: The UK\u0027s National Cyber Security Centre (NCSC)\nCVE-2018-4425: cc working with Trend Micro\u0027s Zero Day Initiative,\nJuwei Lin (@panicaII) of Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to read restricted memory\nDescription: An input validation issue existed in the kernel. \nCVE-2018-4363: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4407: Kevin Backhouse of Semmle Ltd. \nEntry added October 30, 2018\n\nSafari\nAvailable for: Apple Watch Series 1 and later\nImpact: A local user may be able to discover websites a user has\nvisited\nDescription: A consistency issue existed in the handling of\napplication snapshots. \nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert\nUlu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -\nAnkara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l\nUniversity, Metin Altug Karakaya of Kaliptus Medical Organization,\nVinodh Swami of Western Governor\u0027s University (WGU)\n\nSecurity\nAvailable for: Apple Watch Series 1 and later\nImpact: A local user may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2018-4395: Patrick Wardle of Digita Security\nEntry added October 30, 2018\n\nSecurity\nAvailable for: Apple Watch Series 1 and later\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: This issue was addressed by removing RC4. \nCVE-2016-1777: Pepi Zawodsky\n\nSymptom Framework\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nText\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted text file may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4304: jianan.huang (@Sevck)\nEntry added October 30, 2018\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Unexpected interaction causes an ASSERT failure\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4191: found by OSS-Fuzz\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Cross-origin SecurityErrors includes the accessed frame\u0027s\norigin\nDescription: The issue was addressed by removing origin information. \nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro\u0027s Zero\nDay Initiative\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with\nTrend Micro\u0027s Zero Day Initiative\nCVE-2018-4359: Samuel GroA (@5aelo)\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious website may cause unexepected cross-origin\nbehavior\nDescription: A cross-origin issue existed with \"iframe\" elements. \nCVE-2018-4319: John Pettitt of Google\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Unexpected interaction causes an ASSERT failure\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2018-4361: found by OSS-Fuzz\n\nAdditional recognition\n\nCore Data\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad for their assistance. \n\nSandbox Profiles\nWe would like to acknowledge Tencent Keen Security Lab working with\nTrend Micro\u0027s Zero Day Initiative for their assistance. \n\nSQLite\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nWebKit\nWe would like to acknowledge Tencent Keen Security Lab working with\nTrend Micro\u0027s Zero Day Initiative for their assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GbihAA\nrJrGRlOECVnj/z6kzobQ6SjqeXQanrEJKOEbP12pOEgOcqhJd/CsRIGMGxtG8cRC\nH60/qGsVtDXhqmGZQl2cBaMeg+bagLvSaRUC6urXqYLIKoGay7zsbQyWS4hAbyNu\nGpu0k5bvb2tr3IZIfqHfUcScxpsB3zJiYejtgLow2MDbkt84qNqx73xYbOIXDJoc\nkfyNhb/RKqiXOi5Yvh+E84GARjUSGUFD5fMbIMu7Lf0cwGpL3XakKG8S+8L0W3/W\nvGsl7V8DWeH6qbVoMkLUxWGxWzCd4bUr88J0cybski3L4SvpYbDPMMKxQkyn4Rfq\nqSDG3RMS0MUeoGn/iwRcJ8p6gPMGjWTT+lvX0XaZzG3b/mkOw8C2jRs1Ds8vUbRB\nPxn1AQvg0x+EW/HIKqrvbE6i5pLjhurHYChy9tI9AS2iSHsAnrSB8DV8mc4T4v6a\nzJqJO5qPPCVJ9K328l+FyXe+X5erQP4/dwol71VjweA/peSJCL34/YL3oSs9e41R\nApabYVIphnq0Ion5gVNancPhgQEbkIjMncFiGRg4wF0jly2Ni+NsnDquTKEM3VvG\nmOlo0VVw3XxLhtiQF/RKbQSy+6dK0YGykIsmnz/DsstxS4xRiWbk75XErA/nSwPs\nfHAicxI2AmpI+PbdYcPI4D3eJr/1ZDH8NvY1897WX5c=\n=fz+z\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4363"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014918"
},
{
"db": "VULHUB",
"id": "VHN-134394"
},
{
"db": "VULMON",
"id": "CVE-2018-4363"
},
{
"db": "PACKETSTORM",
"id": "149869"
},
{
"db": "PACKETSTORM",
"id": "149400"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149410"
},
{
"db": "PACKETSTORM",
"id": "149409"
},
{
"db": "PACKETSTORM",
"id": "150113"
},
{
"db": "PACKETSTORM",
"id": "149515"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4363",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU93341447",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014918",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-924",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "149869",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-134394",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-4363",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149400",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149516",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149410",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149409",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150113",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149515",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134394"
},
{
"db": "VULMON",
"id": "CVE-2018-4363"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014918"
},
{
"db": "PACKETSTORM",
"id": "149869"
},
{
"db": "PACKETSTORM",
"id": "149400"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149410"
},
{
"db": "PACKETSTORM",
"id": "149409"
},
{
"db": "PACKETSTORM",
"id": "150113"
},
{
"db": "PACKETSTORM",
"id": "149515"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-924"
},
{
"db": "NVD",
"id": "CVE-2018-4363"
}
]
},
"id": "VAR-201904-1477",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-134394"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:34:13.079000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT209106",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209106"
},
{
"title": "HT209107",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209107"
},
{
"title": "HT209108",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209108"
},
{
"title": "HT209107",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209107"
},
{
"title": "HT209108",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209108"
},
{
"title": "HT209106",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209106"
},
{
"title": "Apple iOS and tvOS Kernel Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85044"
},
{
"title": "Apple: watchOS 5",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9f7934fe8c6d67798056f4da8e8790f0"
},
{
"title": "Apple: tvOS 12",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=cffdc08d95a71866e104f27dafdf5818"
},
{
"title": "Apple: iOS 12",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9859610dae22b7395b3a00be201bcefb"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-4363"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014918"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-924"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134394"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014918"
},
{
"db": "NVD",
"id": "CVE-2018-4363"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4363"
},
{
"trust": 1.9,
"url": "https://support.apple.com/kb/ht209108"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht209106"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht209107"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4363"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93341447/index.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4305"
},
{
"trust": 0.6,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4313"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5383"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4336"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4191"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4344"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4361"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4359"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4358"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4299"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4319"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4311"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2018/sep/23"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4329"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4322"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4335"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4356"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4338"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4325"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4323"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4309"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4315"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4316"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4306"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4328"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4314"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4321"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4332"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4354"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4399"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4395"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4331"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4347"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4337"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134394"
},
{
"db": "VULMON",
"id": "CVE-2018-4363"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014918"
},
{
"db": "PACKETSTORM",
"id": "149869"
},
{
"db": "PACKETSTORM",
"id": "149400"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149410"
},
{
"db": "PACKETSTORM",
"id": "149409"
},
{
"db": "PACKETSTORM",
"id": "150113"
},
{
"db": "PACKETSTORM",
"id": "149515"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-924"
},
{
"db": "NVD",
"id": "CVE-2018-4363"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-134394"
},
{
"db": "VULMON",
"id": "CVE-2018-4363"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014918"
},
{
"db": "PACKETSTORM",
"id": "149869"
},
{
"db": "PACKETSTORM",
"id": "149400"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149410"
},
{
"db": "PACKETSTORM",
"id": "149409"
},
{
"db": "PACKETSTORM",
"id": "150113"
},
{
"db": "PACKETSTORM",
"id": "149515"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-924"
},
{
"db": "NVD",
"id": "CVE-2018-4363"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-134394"
},
{
"date": "2019-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4363"
},
{
"date": "2019-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014918"
},
{
"date": "2018-10-19T16:22:22",
"db": "PACKETSTORM",
"id": "149869"
},
{
"date": "2018-09-17T22:22:22",
"db": "PACKETSTORM",
"id": "149400"
},
{
"date": "2018-09-25T16:32:23",
"db": "PACKETSTORM",
"id": "149516"
},
{
"date": "2018-09-18T02:23:50",
"db": "PACKETSTORM",
"id": "149410"
},
{
"date": "2018-09-18T02:22:58",
"db": "PACKETSTORM",
"id": "149409"
},
{
"date": "2018-10-31T16:10:19",
"db": "PACKETSTORM",
"id": "150113"
},
{
"date": "2018-09-25T16:31:15",
"db": "PACKETSTORM",
"id": "149515"
},
{
"date": "2018-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-924"
},
{
"date": "2019-04-03T18:29:10.610000",
"db": "NVD",
"id": "CVE-2018-4363"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-134394"
},
{
"date": "2019-04-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4363"
},
{
"date": "2019-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014918"
},
{
"date": "2019-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-924"
},
{
"date": "2024-11-21T04:07:16.197000",
"db": "NVD",
"id": "CVE-2018-4363"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-924"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014918"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-924"
}
],
"trust": 0.6
}
}
ghsa-grvh-33q9-jjv9
Vulnerability from github
Published
2022-05-14 01:12
Modified
2022-05-14 01:12
Severity ?
VLAI Severity ?
Details
An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
{
"affected": [],
"aliases": [
"CVE-2018-4363"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-03T18:29:00Z",
"severity": "HIGH"
},
"details": "An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.",
"id": "GHSA-grvh-33q9-jjv9",
"modified": "2022-05-14T01:12:21Z",
"published": "2022-05-14T01:12:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4363"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT209106"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT209107"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT209108"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…