cvelistv5 - cve-2018-4167

CVE-2018-4167 (GCVE-0-2018-4167)

Vulnerability from cvelistv5 – Published: 2018-04-03 06:00 – Updated: 2024-08-05 05:04

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	https://support.apple.com/HT208692	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040604	vdb-entryx_refsource_SECTRACK
	https://support.apple.com/HT208698	x_refsource_CONFIRM
	https://support.apple.com/HT208696	x_refsource_CONFIRM
	https://support.apple.com/HT208693	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040608	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:04:29.782Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208692"
          },
          {
            "name": "1040604",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040604"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208698"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208696"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208693"
          },
          {
            "name": "1040608",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"File System Events\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-03T09:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208692"
        },
        {
          "name": "1040604",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040604"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208698"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208696"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208693"
        },
        {
          "name": "1040608",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2018-4167",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"File System Events\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208692",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208692"
            },
            {
              "name": "1040604",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040604"
            },
            {
              "name": "https://support.apple.com/HT208698",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208698"
            },
            {
              "name": "https://support.apple.com/HT208696",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208696"
            },
            {
              "name": "https://support.apple.com/HT208693",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208693"
            },
            {
              "name": "1040608",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2018-4167",
    "datePublished": "2018-04-03T06:00:00",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T05:04:29.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\", \"matchCriteriaId\": \"1AE9DC77-7A0A-47A4-9B85-6CCCFDE5B313\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.13.4\", \"matchCriteriaId\": \"D053772A-D0AE-474A-AE49-26A251C4B5D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\", \"matchCriteriaId\": \"2027A893-A9F8-4594-89B3-FEAFD69AB877\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.3\", \"matchCriteriaId\": \"360435F9-FC38-422B-8888-3656AF59A3BF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \\\"File System Events\\\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.3, las versiones de macOS anteriores a la 10.13.4, las versiones de tvOS anteriores a la 11.3 y las versiones de watchOS anteriores a la 4.3 se han visto afectadas. El problema afecta al componente \\\"File System Events\\\". Una condici\\u00f3n de carrera permite a los atacantes ejecutar c\\u00f3digo arbitrario en un contexto privilegiado mediante una app manipulada.\"}]",
      "id": "CVE-2018-4167",
      "lastModified": "2024-11-21T04:06:53.757",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-04-03T06:29:07.797",
      "references": "[{\"url\": \"http://www.securitytracker.com/id/1040604\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040608\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT208692\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT208693\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT208696\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT208698\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1040604\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040608\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT208692\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT208693\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT208696\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT208698\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-4167\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2018-04-03T06:29:07.797\",\"lastModified\":\"2024-11-21T04:06:53.757\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \\\"File System Events\\\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.3, las versiones de macOS anteriores a la 10.13.4, las versiones de tvOS anteriores a la 11.3 y las versiones de watchOS anteriores a la 4.3 se han visto afectadas. El problema afecta al componente \\\"File System Events\\\". Una condici\u00f3n de carrera permite a los atacantes ejecutar c\u00f3digo arbitrario en un contexto privilegiado mediante una app manipulada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\",\"matchCriteriaId\":\"1AE9DC77-7A0A-47A4-9B85-6CCCFDE5B313\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.13.4\",\"matchCriteriaId\":\"D053772A-D0AE-474A-AE49-26A251C4B5D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\",\"matchCriteriaId\":\"2027A893-A9F8-4594-89B3-FEAFD69AB877\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3\",\"matchCriteriaId\":\"360435F9-FC38-422B-8888-3656AF59A3BF\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1040604\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040608\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT208692\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208693\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208696\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208698\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1040604\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040608\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT208692\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208693\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208696\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208698\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2018-4167

Vulnerability from fkie_nvd - Published: 2018-04-03 06:29 - Updated: 2024-11-21 04:06

Severity ?

7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	http://www.securitytracker.com/id/1040604	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1040608	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT208692	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT208693	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT208696	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT208698	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040604	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040608	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208692	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208693	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208696	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208698	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	iphone_os	*
apple	mac_os_x	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AE9DC77-7A0A-47A4-9B85-6CCCFDE5B313",
              "versionEndExcluding": "11.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D053772A-D0AE-474A-AE49-26A251C4B5D4",
              "versionEndExcluding": "10.13.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2027A893-A9F8-4594-89B3-FEAFD69AB877",
              "versionEndExcluding": "11.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "360435F9-FC38-422B-8888-3656AF59A3BF",
              "versionEndExcluding": "4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"File System Events\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.3, las versiones de macOS anteriores a la 10.13.4, las versiones de tvOS anteriores a la 11.3 y las versiones de watchOS anteriores a la 4.3 se han visto afectadas. El problema afecta al componente \"File System Events\". Una condici\u00f3n de carrera permite a los atacantes ejecutar c\u00f3digo arbitrario en un contexto privilegiado mediante una app manipulada."
    }
  ],
  "id": "CVE-2018-4167",
  "lastModified": "2024-11-21T04:06:53.757",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-03T06:29:07.797",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040604"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040608"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208692"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208693"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208696"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208698"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-4167

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-4167

Aliases

CVE-2018-4167

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-4167",
    "description": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"File System Events\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",
    "id": "GSD-2018-4167"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-4167"
      ],
      "details": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"File System Events\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",
      "id": "GSD-2018-4167",
      "modified": "2023-12-13T01:22:28.670938Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2018-4167",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"File System Events\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT208692",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208692"
          },
          {
            "name": "1040604",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040604"
          },
          {
            "name": "https://support.apple.com/HT208698",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208698"
          },
          {
            "name": "https://support.apple.com/HT208696",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208696"
          },
          {
            "name": "https://support.apple.com/HT208693",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208693"
          },
          {
            "name": "1040608",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040608"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.13.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2018-4167"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"File System Events\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208698",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208698"
            },
            {
              "name": "https://support.apple.com/HT208696",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208696"
            },
            {
              "name": "https://support.apple.com/HT208693",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208693"
            },
            {
              "name": "https://support.apple.com/HT208692",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208692"
            },
            {
              "name": "1040608",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040608"
            },
            {
              "name": "1040604",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040604"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-04-03T06:29Z"
    }
  }
}

VAR-201804-1167

Vulnerability from variot - Updated: 2023-12-18 11:41

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.3; macOS High Sierra prior to 10.13.4; tvOS prior to 11.3; watchOS prior to 4.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2018-3-29-2 watchOS 4.3

watchOS 4.3 is now available and addresses the following:

CoreFoundation Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4155: Samuel GroA (@5aelo) CVE-2018-4158: Samuel GroA (@5aelo)

CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted string may lead to a denial of service Description: A denial of service issue was addressed through improved memory handling. CVE-2018-4142: Robin Leroy of Google Switzerland GmbH

File System Events Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4167: Samuel GroA (@5aelo)

Kernel Available for: All Apple Watch models Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4150: an anonymous researcher

Kernel Available for: All Apple Watch models Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4104: The UK's National Cyber Security Centre (NCSC)

Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4143: derrek (@derrekr6)

NSURLSession Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4166: Samuel GroA (@5aelo)

Quick Look Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4157: Samuel GroA (@5aelo)

Security Available for: All Apple Watch models Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4144: Abraham Masri (@cheesecakeufo)

System Preferences Available for: All Apple Watch models Impact: A configuration profile may incorrectly remain in effect after removal Description: An issue existed in CFPreferences. This issue was addressed through improved preferences cleanup. CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera

WebKit Available for: All Apple Watch models Impact: Unexpected interaction with indexing types causing an ASSERT failure Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks. CVE-2018-4113: found by OSS-Fuzz

WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to a denial of service Description: A memory corruption issue was addressed through improved input validation. CVE-2018-4146: found by OSS-Fuzz

WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4114: found by OSS-Fuzz CVE-2018-4121: Natalie Silvanovich of Google Project Zero CVE-2018-4122: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative CVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative CVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative

WebKit Available for: All Apple Watch models Impact: A malicious website may exfiltrate data cross-origin Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation. CVE-2018-4117: an anonymous researcher, an anonymous researcher

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA// QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7 43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn /Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw +tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU= =FEXo -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1167",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.13.4"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.3"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.3"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.13.3"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.3   (ipad air or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.3   (iphone 5s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.3   (ipod touch no.  6 generation )"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.3   (apple tv 4k)"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.3   (apple tv no.  4 generation )"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.3   (apple watch all models of )"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.2.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.2.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.2.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.2.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.1.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.2.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.2.6"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003691"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4167"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-144"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.13.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4167"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "146965"
      },
      {
        "db": "PACKETSTORM",
        "id": "146966"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2018-4167",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.6,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2018-4167",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-134198",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.0,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-4167",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-4167",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201804-144",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134198",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003691"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4167"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-144"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"File System Events\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.3; macOS High Sierra prior to 10.13.4; tvOS prior to 11.3; watchOS prior to 4.3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2018-3-29-2 watchOS 4.3\n\nwatchOS 4.3 is now available and addresses the following:\n\nCoreFoundation\nAvailable for: All Apple Watch models\nImpact: An application may be able to gain elevated privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2018-4155: Samuel GroA (@5aelo)\nCVE-2018-4158: Samuel GroA (@5aelo)\n\nCoreText\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted string may lead to a denial\nof service\nDescription: A denial of service issue was addressed through improved\nmemory handling. \nCVE-2018-4142: Robin Leroy of Google Switzerland GmbH\n\nFile System Events\nAvailable for: All Apple Watch models\nImpact: An application may be able to gain elevated privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2018-4167: Samuel GroA (@5aelo)\n\nKernel\nAvailable for: All Apple Watch models\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2018-4150: an anonymous researcher\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4104: The UK\u0027s National Cyber Security Centre (NCSC)\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4143: derrek (@derrekr6)\n\nNSURLSession\nAvailable for: All Apple Watch models\nImpact: An application may be able to gain elevated privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2018-4166: Samuel GroA (@5aelo)\n\nQuick Look\nAvailable for: All Apple Watch models\nImpact: An application may be able to gain elevated privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2018-4157: Samuel GroA (@5aelo)\n\nSecurity\nAvailable for: All Apple Watch models\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\nSystem Preferences\nAvailable for: All Apple Watch models\nImpact: A configuration profile may incorrectly remain in effect\nafter removal\nDescription: An issue existed in CFPreferences. This issue was\naddressed through improved preferences cleanup. \nCVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of\nWandera\n\nWebKit\nAvailable for: All Apple Watch models\nImpact: Unexpected interaction with indexing types causing an ASSERT\nfailure\nDescription: An array indexing issue existed in the handling of a\nfunction in javascript core. This issue was addressed through\nimproved checks. \nCVE-2018-4113: found by OSS-Fuzz\n\nWebKit\nAvailable for: All Apple Watch models\nImpact: Processing maliciously crafted web content may lead to a\ndenial of service\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2018-4146: found by OSS-Fuzz\n\nWebKit\nAvailable for: All Apple Watch models\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2018-4114: found by OSS-Fuzz\nCVE-2018-4121: Natalie Silvanovich of Google Project Zero\nCVE-2018-4122: WanderingGlitch of Trend Micro\u0027s Zero Day Initiative\nCVE-2018-4125: WanderingGlitch of Trend Micro\u0027s Zero Day Initiative\nCVE-2018-4129: likemeng of Baidu Security Lab working with Trend\nMicro\u0027s Zero Day Initiative\nCVE-2018-4161: WanderingGlitch of Trend Micro\u0027s Zero Day Initiative\nCVE-2018-4162: WanderingGlitch of Trend Micro\u0027s Zero Day Initiative\nCVE-2018-4163: WanderingGlitch of Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: All Apple Watch models\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A cross-origin issue existed with the fetch API. This\nwas addressed through improved input validation. \nCVE-2018-4117: an anonymous researcher, an anonymous researcher\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA//\nQhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY\nv4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7\n43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry\nXnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn\n/Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP\nQa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U\nTMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z\nec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw\n+tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU\njGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i\nARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU=\n=FEXo\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4167"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003691"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134198"
      },
      {
        "db": "PACKETSTORM",
        "id": "146965"
      },
      {
        "db": "PACKETSTORM",
        "id": "146966"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-4167",
        "trust": 2.7
      },
      {
        "db": "SECTRACK",
        "id": "1040608",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1040604",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU92378299",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003691",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-144",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-134198",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146965",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146966",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003691"
      },
      {
        "db": "PACKETSTORM",
        "id": "146965"
      },
      {
        "db": "PACKETSTORM",
        "id": "146966"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4167"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-144"
      }
    ]
  },
  "id": "VAR-201804-1167",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134198"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:41:09.731000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT208692",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208692"
      },
      {
        "title": "HT208693",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208693"
      },
      {
        "title": "HT208696",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208696"
      },
      {
        "title": "HT208698",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208698"
      },
      {
        "title": "HT208692",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208692"
      },
      {
        "title": "HT208693",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208693"
      },
      {
        "title": "HT208696",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208696"
      },
      {
        "title": "HT208698",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208698"
      },
      {
        "title": "Multiple Apple product File System Events Repair measures for competitive conditions",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82996"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-144"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003691"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4167"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208692"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208693"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208696"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208698"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1040604"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1040608"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4167"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4167"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu92378299/index.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4114"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4155"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4143"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4161"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4142"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4166"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4163"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4144"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4162"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4125"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4121"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4115"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4104"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4113"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4150"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4122"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4157"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4146"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4129"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4158"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4117"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4101"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4120"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4127"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4165"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4118"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4119"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4130"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003691"
      },
      {
        "db": "PACKETSTORM",
        "id": "146965"
      },
      {
        "db": "PACKETSTORM",
        "id": "146966"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4167"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-144"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-134198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003691"
      },
      {
        "db": "PACKETSTORM",
        "id": "146965"
      },
      {
        "db": "PACKETSTORM",
        "id": "146966"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4167"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-144"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134198"
      },
      {
        "date": "2018-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003691"
      },
      {
        "date": "2018-03-30T15:52:32",
        "db": "PACKETSTORM",
        "id": "146965"
      },
      {
        "date": "2018-03-30T15:52:53",
        "db": "PACKETSTORM",
        "id": "146966"
      },
      {
        "date": "2018-04-03T06:29:07.797000",
        "db": "NVD",
        "id": "CVE-2018-4167"
      },
      {
        "date": "2018-04-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-144"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134198"
      },
      {
        "date": "2018-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003691"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2018-4167"
      },
      {
        "date": "2019-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-144"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-144"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Arbitrary code execution vulnerability in privileged context in product filesystem event component",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003691"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-144"
      }
    ],
    "trust": 0.6
  }
}

GHSA-R4VG-GJP9-3685

Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52

Details

Severity ?

7.0 (High)


                  
                    CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-4167"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-03T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"File System Events\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",
  "id": "GHSA-r4vg-gjp9-3685",
  "modified": "2022-05-13T01:52:38Z",
  "published": "2022-05-13T01:52:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4167"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208692"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208693"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208696"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208698"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040604"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040608"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2018-AVI-162

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari versions antérieures à 11.1
Apple	N/A	iTunes versions antérieures à 12.7.4 pour Windows
Apple	N/A	iCloud pour Windows versions antérieures à 7.4
Apple	N/A	iOS versions antérieures à 11.3
Apple	N/A	watchOS versions antérieures à 4.3
Apple	N/A	OS X El Capitan sans la mise à jour de sécurité 2018-002 El Capitan
Apple	N/A	Xcode versions antérieures à 9.3
Apple	macOS	macOS Sierra sans la mise à jour de sécurite 2018-002 Sierra
Apple	macOS	macOS High Sierra versions antérieures à 10.13.4
Apple	N/A	tvOS versions antérieures à 11.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT208696 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208692 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208697 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208695 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208694 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208698 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208699 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208693 du 29 mars 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 11.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.7.4 pour Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 7.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 11.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X El Capitan sans la mise \u00e0 jour de s\u00e9curit\u00e9 2018-002 El Capitan",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode versions ant\u00e9rieures \u00e0 9.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sierra sans la mise \u00e0 jour de s\u00e9curite 2018-002 Sierra",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 11.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4158"
    },
    {
      "name": "CVE-2018-4163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4163"
    },
    {
      "name": "CVE-2018-4142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4142"
    },
    {
      "name": "CVE-2018-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4138"
    },
    {
      "name": "CVE-2018-4114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4114"
    },
    {
      "name": "CVE-2018-4125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4125"
    },
    {
      "name": "CVE-2018-4135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4135"
    },
    {
      "name": "CVE-2018-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4101"
    },
    {
      "name": "CVE-2018-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4104"
    },
    {
      "name": "CVE-2018-4154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4154"
    },
    {
      "name": "CVE-2018-4117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4117"
    },
    {
      "name": "CVE-2018-4121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4121"
    },
    {
      "name": "CVE-2018-4174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4174"
    },
    {
      "name": "CVE-2018-4118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4118"
    },
    {
      "name": "CVE-2018-4110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4110"
    },
    {
      "name": "CVE-2017-13890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13890"
    },
    {
      "name": "CVE-2018-4134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4134"
    },
    {
      "name": "CVE-2018-4107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4107"
    },
    {
      "name": "CVE-2018-4161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4161"
    },
    {
      "name": "CVE-2018-4172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4172"
    },
    {
      "name": "CVE-2018-4152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4152"
    },
    {
      "name": "CVE-2018-4164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4164"
    },
    {
      "name": "CVE-2018-4119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4119"
    },
    {
      "name": "CVE-2018-4156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4156"
    },
    {
      "name": "CVE-2018-4106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4106"
    },
    {
      "name": "CVE-2018-4132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4132"
    },
    {
      "name": "CVE-2018-4127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4127"
    },
    {
      "name": "CVE-2018-4149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4149"
    },
    {
      "name": "CVE-2018-4108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4108"
    },
    {
      "name": "CVE-2018-4130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4130"
    },
    {
      "name": "CVE-2018-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4136"
    },
    {
      "name": "CVE-2018-4150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4150"
    },
    {
      "name": "CVE-2017-8816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8816"
    },
    {
      "name": "CVE-2018-4139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4139"
    },
    {
      "name": "CVE-2018-4162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4162"
    },
    {
      "name": "CVE-2018-4122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4122"
    },
    {
      "name": "CVE-2018-4140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4140"
    },
    {
      "name": "CVE-2018-4144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4144"
    },
    {
      "name": "CVE-2018-4115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4115"
    },
    {
      "name": "CVE-2018-4128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4128"
    },
    {
      "name": "CVE-2018-4105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4105"
    },
    {
      "name": "CVE-2018-4102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4102"
    },
    {
      "name": "CVE-2018-4146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4146"
    },
    {
      "name": "CVE-2018-4113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4113"
    },
    {
      "name": "CVE-2018-4143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4143"
    },
    {
      "name": "CVE-2018-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4155"
    },
    {
      "name": "CVE-2018-4160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4160"
    },
    {
      "name": "CVE-2018-4123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4123"
    },
    {
      "name": "CVE-2018-4131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4131"
    },
    {
      "name": "CVE-2018-4129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4129"
    },
    {
      "name": "CVE-2018-4176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4176"
    },
    {
      "name": "CVE-2018-4120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4120"
    },
    {
      "name": "CVE-2018-4137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4137"
    },
    {
      "name": "CVE-2018-4157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4157"
    },
    {
      "name": "CVE-2018-4175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4175"
    },
    {
      "name": "CVE-2018-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4166"
    },
    {
      "name": "CVE-2018-4167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4167"
    },
    {
      "name": "CVE-2018-4170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4170"
    },
    {
      "name": "CVE-2018-4151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4151"
    },
    {
      "name": "CVE-2018-4133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4133"
    },
    {
      "name": "CVE-2018-4116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4116"
    },
    {
      "name": "CVE-2018-4165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4165"
    },
    {
      "name": "CVE-2018-4111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4111"
    },
    {
      "name": "CVE-2018-4112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4112"
    },
    {
      "name": "CVE-2018-4168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4168"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-162",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208696 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208696"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208692 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208692"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208697 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208697"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208695 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208695"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208694 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208694"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208698 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208698"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208699 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208699"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208693 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208693"
    }
  ]
}

CERTFR-2018-AVI-162

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari versions antérieures à 11.1
Apple	N/A	iTunes versions antérieures à 12.7.4 pour Windows
Apple	N/A	iCloud pour Windows versions antérieures à 7.4
Apple	N/A	iOS versions antérieures à 11.3
Apple	N/A	watchOS versions antérieures à 4.3
Apple	N/A	OS X El Capitan sans la mise à jour de sécurité 2018-002 El Capitan
Apple	N/A	Xcode versions antérieures à 9.3
Apple	macOS	macOS Sierra sans la mise à jour de sécurite 2018-002 Sierra
Apple	macOS	macOS High Sierra versions antérieures à 10.13.4
Apple	N/A	tvOS versions antérieures à 11.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT208696 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208692 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208697 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208695 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208694 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208698 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208699 du 29 mars 2018	None	vendor-advisory
Bulletin de sécurité Apple HT208693 du 29 mars 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 11.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.7.4 pour Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 7.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 11.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X El Capitan sans la mise \u00e0 jour de s\u00e9curit\u00e9 2018-002 El Capitan",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode versions ant\u00e9rieures \u00e0 9.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sierra sans la mise \u00e0 jour de s\u00e9curite 2018-002 Sierra",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 11.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4158"
    },
    {
      "name": "CVE-2018-4163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4163"
    },
    {
      "name": "CVE-2018-4142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4142"
    },
    {
      "name": "CVE-2018-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4138"
    },
    {
      "name": "CVE-2018-4114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4114"
    },
    {
      "name": "CVE-2018-4125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4125"
    },
    {
      "name": "CVE-2018-4135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4135"
    },
    {
      "name": "CVE-2018-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4101"
    },
    {
      "name": "CVE-2018-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4104"
    },
    {
      "name": "CVE-2018-4154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4154"
    },
    {
      "name": "CVE-2018-4117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4117"
    },
    {
      "name": "CVE-2018-4121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4121"
    },
    {
      "name": "CVE-2018-4174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4174"
    },
    {
      "name": "CVE-2018-4118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4118"
    },
    {
      "name": "CVE-2018-4110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4110"
    },
    {
      "name": "CVE-2017-13890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13890"
    },
    {
      "name": "CVE-2018-4134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4134"
    },
    {
      "name": "CVE-2018-4107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4107"
    },
    {
      "name": "CVE-2018-4161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4161"
    },
    {
      "name": "CVE-2018-4172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4172"
    },
    {
      "name": "CVE-2018-4152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4152"
    },
    {
      "name": "CVE-2018-4164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4164"
    },
    {
      "name": "CVE-2018-4119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4119"
    },
    {
      "name": "CVE-2018-4156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4156"
    },
    {
      "name": "CVE-2018-4106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4106"
    },
    {
      "name": "CVE-2018-4132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4132"
    },
    {
      "name": "CVE-2018-4127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4127"
    },
    {
      "name": "CVE-2018-4149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4149"
    },
    {
      "name": "CVE-2018-4108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4108"
    },
    {
      "name": "CVE-2018-4130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4130"
    },
    {
      "name": "CVE-2018-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4136"
    },
    {
      "name": "CVE-2018-4150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4150"
    },
    {
      "name": "CVE-2017-8816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8816"
    },
    {
      "name": "CVE-2018-4139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4139"
    },
    {
      "name": "CVE-2018-4162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4162"
    },
    {
      "name": "CVE-2018-4122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4122"
    },
    {
      "name": "CVE-2018-4140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4140"
    },
    {
      "name": "CVE-2018-4144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4144"
    },
    {
      "name": "CVE-2018-4115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4115"
    },
    {
      "name": "CVE-2018-4128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4128"
    },
    {
      "name": "CVE-2018-4105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4105"
    },
    {
      "name": "CVE-2018-4102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4102"
    },
    {
      "name": "CVE-2018-4146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4146"
    },
    {
      "name": "CVE-2018-4113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4113"
    },
    {
      "name": "CVE-2018-4143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4143"
    },
    {
      "name": "CVE-2018-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4155"
    },
    {
      "name": "CVE-2018-4160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4160"
    },
    {
      "name": "CVE-2018-4123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4123"
    },
    {
      "name": "CVE-2018-4131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4131"
    },
    {
      "name": "CVE-2018-4129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4129"
    },
    {
      "name": "CVE-2018-4176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4176"
    },
    {
      "name": "CVE-2018-4120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4120"
    },
    {
      "name": "CVE-2018-4137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4137"
    },
    {
      "name": "CVE-2018-4157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4157"
    },
    {
      "name": "CVE-2018-4175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4175"
    },
    {
      "name": "CVE-2018-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4166"
    },
    {
      "name": "CVE-2018-4167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4167"
    },
    {
      "name": "CVE-2018-4170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4170"
    },
    {
      "name": "CVE-2018-4151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4151"
    },
    {
      "name": "CVE-2018-4133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4133"
    },
    {
      "name": "CVE-2018-4116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4116"
    },
    {
      "name": "CVE-2018-4165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4165"
    },
    {
      "name": "CVE-2018-4111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4111"
    },
    {
      "name": "CVE-2018-4112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4112"
    },
    {
      "name": "CVE-2018-4168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4168"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-162",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208696 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208696"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208692 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208692"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208697 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208697"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208695 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208695"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208694 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208694"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208698 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208698"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208699 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208699"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208693 du 29 mars 2018",
      "url": "https://support.apple.com/en-us/HT208693"
    }
  ]
}

CNVD-2018-08056

Vulnerability from cnvd - Published: 2018-04-20

Title

多款Apple产品File System Events竞争条件漏洞

Description

Apple iOS、macOS High Sierra、tvOS和watchOS都是美国苹果（Apple）公司的产品。Apple iOS是为移动设备所开发的一套操作系统；macOS High Sierra是一套专为Mac计算机所开发的专用操作系统；tvOS是一套智能电视操作系统；watchOS是一套智能手表操作系统。File System Events是其中的一个文件系统事件组件。多款Apple产品中的File System Events组件存在竞争条件漏洞。攻击者可借助特制的应用程序利用该漏洞以提升的权限执行任意代码。

Severity

高

Patch Name

多款Apple产品File System Events竞争条件漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://support.apple.com/en-ie/HT208692

Reference

https://support.apple.com/en-ie/HT208692

Impacted products

Name
['Apple iOS <11.3', 'Apple macOS High Sierra <10.13.4', 'Apple tvOS <11.3', 'Apple watchOS <4.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4167"
    }
  },
  "description": "Apple iOS\u3001macOS High Sierra\u3001tvOS\u548cwatchOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bmacOS High Sierra\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\uff1bwatchOS\u662f\u4e00\u5957\u667a\u80fd\u624b\u8868\u64cd\u4f5c\u7cfb\u7edf\u3002File System Events\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6587\u4ef6\u7cfb\u7edf\u4e8b\u4ef6\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684File System Events\u7ec4\u4ef6\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Samuel Gro\u00df (@5aelo)",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/en-ie/HT208692",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-08056",
  "openTime": "2018-04-20",
  "patchDescription": "Apple iOS\u3001macOS High Sierra\u3001tvOS\u548cwatchOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bmacOS High Sierra\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\uff1bwatchOS\u662f\u4e00\u5957\u667a\u80fd\u624b\u8868\u64cd\u4f5c\u7cfb\u7edf\u3002File System Events\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6587\u4ef6\u7cfb\u7edf\u4e8b\u4ef6\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684File System Events\u7ec4\u4ef6\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1File System Events\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple  iOS \u003c11.3",
      "Apple macOS High Sierra \u003c10.13.4",
      "Apple tvOS \u003c11.3",
      "Apple watchOS \u003c4.3"
    ]
  },
  "referenceLink": "https://support.apple.com/en-ie/HT208692",
  "serverity": "\u9ad8",
  "submitTime": "2018-04-08",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1File System Events\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-4167 (GCVE-0-2018-4167)

FKIE_CVE-2018-4167

GSD-2018-4167

VAR-201804-1167

GHSA-R4VG-GJP9-3685

CERTFR-2018-AVI-162

Solution

CERTFR-2018-AVI-162

Solution

CNVD-2018-08056

Tags

Sightings

Nomenclature