cvelistv5 - cve-2018-4412

CVE-2018-4412 (GCVE-0-2018-4412)

Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11

Summary

Severity ?

No CVSS data available.

CWE

A malicious application may be able to elevate privileges

Assigner

apple

References

URL

Tags

	https://support.apple.com/kb/HT209141	x_refsource_MISC
	https://support.apple.com/kb/HT209140	x_refsource_MISC
	https://support.apple.com/kb/HT209107	x_refsource_MISC
	https://support.apple.com/kb/HT209193	x_refsource_MISC
	https://support.apple.com/kb/HT209106	x_refsource_MISC
	https://support.apple.com/kb/HT209139	x_refsource_MISC
	https://support.apple.com/kb/HT209108	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	iOS, macOS, tvOS, watchOS, iTunes for Windows, iCloud for Windows	Affected: Versions prior to: iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:11:22.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209141"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209140"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209107"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209193"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209106"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209139"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209108"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS, macOS, tvOS, watchOS,  iTunes for Windows, iCloud for Windows",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to: iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A malicious application may be able to elevate privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-03T17:43:18",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209141"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209140"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209107"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209193"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209106"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209139"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209108"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2018-4412",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS, macOS, tvOS, watchOS,  iTunes for Windows, iCloud for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions prior to: iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A malicious application may be able to elevate privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/kb/HT209141",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209141"
            },
            {
              "name": "https://support.apple.com/kb/HT209140",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209140"
            },
            {
              "name": "https://support.apple.com/kb/HT209107",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209107"
            },
            {
              "name": "https://support.apple.com/kb/HT209193",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209193"
            },
            {
              "name": "https://support.apple.com/kb/HT209106",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209106"
            },
            {
              "name": "https://support.apple.com/kb/HT209139",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209139"
            },
            {
              "name": "https://support.apple.com/kb/HT209108",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209108"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2018-4412",
    "datePublished": "2019-04-03T17:43:18",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T05:11:22.870Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.0\", \"matchCriteriaId\": \"37A59AD6-A000-48BE-A575-D1A39DCB0D88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.14\", \"matchCriteriaId\": \"1E2491B4-5132-44CF-AB9A-FAC1926FE66E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12\", \"matchCriteriaId\": \"072DC7F5-B539-478D-B566-7F3FF2BC2671\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.0\", \"matchCriteriaId\": \"397E2910-7F1A-4576-B28D-E5796DE20CC8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.7\", \"matchCriteriaId\": \"E92A7FC9-12AE-4E07-BA72-0A4075119426\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.9\", \"matchCriteriaId\": \"48FFD64E-C6DE-41EA-A70C-3E25F133901F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.\"}, {\"lang\": \"es\", \"value\": \"Un problema de corrupci\\u00f3n de memoria se abord\\u00f3 con una validaci\\u00f3n de entradas mejorada. El problema afectaba a iOS en versiones anteriores a la 12, macOS Mojave en versiones anteriores a la 10.14, tvOS en versiones anteriores a la 12, watchOS en versiones anteriores a la 5, iTunes en versiones anteriores a la 12.9 para Windows y iCloud para Windows en versiones anteriores a la 7.7.\"}]",
      "id": "CVE-2018-4412",
      "lastModified": "2024-11-21T04:07:21.830",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-04-03T18:29:14.033",
      "references": "[{\"url\": \"https://support.apple.com/kb/HT209106\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT209107\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT209108\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT209139\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT209140\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT209141\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT209193\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT209106\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT209107\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT209108\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT209139\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT209140\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT209141\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT209193\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-4412\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-04-03T18:29:14.033\",\"lastModified\":\"2024-11-21T04:07:21.830\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.\"},{\"lang\":\"es\",\"value\":\"Un problema de corrupci\u00f3n de memoria se abord\u00f3 con una validaci\u00f3n de entradas mejorada. El problema afectaba a iOS en versiones anteriores a la 12, macOS Mojave en versiones anteriores a la 10.14, tvOS en versiones anteriores a la 12, watchOS en versiones anteriores a la 5, iTunes en versiones anteriores a la 12.9 para Windows y iCloud para Windows en versiones anteriores a la 7.7.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.0\",\"matchCriteriaId\":\"37A59AD6-A000-48BE-A575-D1A39DCB0D88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.14\",\"matchCriteriaId\":\"1E2491B4-5132-44CF-AB9A-FAC1926FE66E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12\",\"matchCriteriaId\":\"072DC7F5-B539-478D-B566-7F3FF2BC2671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0\",\"matchCriteriaId\":\"397E2910-7F1A-4576-B28D-E5796DE20CC8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.7\",\"matchCriteriaId\":\"E92A7FC9-12AE-4E07-BA72-0A4075119426\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.9\",\"matchCriteriaId\":\"48FFD64E-C6DE-41EA-A70C-3E25F133901F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/kb/HT209106\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209107\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209108\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209139\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209140\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209141\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209193\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209108\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209139\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209140\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209193\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-6H75-3WP6-5JW3

Vulnerability from github – Published: 2022-05-14 01:11 – Updated: 2022-05-14 01:11

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-4412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-03T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.",
  "id": "GHSA-6h75-3wp6-5jw3",
  "modified": "2022-05-14T01:11:29Z",
  "published": "2022-05-14T01:11:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4412"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT209106"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT209107"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT209108"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT209139"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT209140"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT209141"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT209193"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2018-22960

Vulnerability from cnvd - Published: 2018-11-12

Title

Apple macOS内存破坏漏洞（CNVD-2018-22960）

Description

macOS是苹果公司为Mac系列产品开发的专属操作系统。 Apple macOS Sierra 10.12.6、macOS High Sierra 10.13.6中的CoreFoundation组件存在内存破坏漏洞。攻击者可通过恶意应用程序利用该漏洞获得提升的权限。

Severity

高

Patch Name

Apple macOS内存破坏漏洞（CNVD-2018-22960）的补丁

Patch Description

macOS是苹果公司为Mac系列产品开发的专属操作系统。 Apple macOS Sierra 10.12.6、macOS High Sierra 10.13.6中的CoreFoundation组件存在内存破坏漏洞。攻击者可通过恶意应用程序利用该漏洞获得提升的权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://support.apple.com/en-us/HT209193

Reference

https://support.apple.com/en-us/HT209193

Impacted products

Name
['Apple macOS Sierra 10.12.6', 'Apple macOS High Sierra 10.13.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4412"
    }
  },
  "description": "macOS\u662f\u82f9\u679c\u516c\u53f8\u4e3aMac\u7cfb\u5217\u4ea7\u54c1\u5f00\u53d1\u7684\u4e13\u5c5e\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nApple macOS Sierra 10.12.6\u3001macOS High Sierra 10.13.6\u4e2d\u7684CoreFoundation\u7ec4\u4ef6\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u63d0\u5347\u7684\u6743\u9650\u3002",
  "discovererName": "The UK\u0027s National Cyber Security Centre (NCSC)",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/en-us/HT209193",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-22960",
  "openTime": "2018-11-12",
  "patchDescription": "macOS\u662f\u82f9\u679c\u516c\u53f8\u4e3aMac\u7cfb\u5217\u4ea7\u54c1\u5f00\u53d1\u7684\u4e13\u5c5e\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple macOS Sierra 10.12.6\u3001macOS High Sierra 10.13.6\u4e2d\u7684CoreFoundation\u7ec4\u4ef6\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u63d0\u5347\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2018-22960\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple macOS Sierra 10.12.6",
      "Apple macOS High Sierra 10.13.6"
    ]
  },
  "referenceLink": "https://support.apple.com/en-us/HT209193",
  "serverity": "\u9ad8",
  "submitTime": "2018-11-02",
  "title": "Apple macOS\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2018-22960\uff09"
}

GSD-2018-4412

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-4412

Aliases

CVE-2018-4412

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-4412",
    "description": "A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.",
    "id": "GSD-2018-4412"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-4412"
      ],
      "details": "A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.",
      "id": "GSD-2018-4412",
      "modified": "2023-12-13T01:22:28.461878Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2018-4412",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS, macOS, tvOS, watchOS,  iTunes for Windows, iCloud for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Versions prior to: iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A malicious application may be able to elevate privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/kb/HT209141",
            "refsource": "MISC",
            "url": "https://support.apple.com/kb/HT209141"
          },
          {
            "name": "https://support.apple.com/kb/HT209140",
            "refsource": "MISC",
            "url": "https://support.apple.com/kb/HT209140"
          },
          {
            "name": "https://support.apple.com/kb/HT209107",
            "refsource": "MISC",
            "url": "https://support.apple.com/kb/HT209107"
          },
          {
            "name": "https://support.apple.com/kb/HT209193",
            "refsource": "MISC",
            "url": "https://support.apple.com/kb/HT209193"
          },
          {
            "name": "https://support.apple.com/kb/HT209106",
            "refsource": "MISC",
            "url": "https://support.apple.com/kb/HT209106"
          },
          {
            "name": "https://support.apple.com/kb/HT209139",
            "refsource": "MISC",
            "url": "https://support.apple.com/kb/HT209139"
          },
          {
            "name": "https://support.apple.com/kb/HT209108",
            "refsource": "MISC",
            "url": "https://support.apple.com/kb/HT209108"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.14",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.7",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.9",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2018-4412"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/kb/HT209193",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT209193"
            },
            {
              "name": "https://support.apple.com/kb/HT209141",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT209141"
            },
            {
              "name": "https://support.apple.com/kb/HT209140",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT209140"
            },
            {
              "name": "https://support.apple.com/kb/HT209139",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT209139"
            },
            {
              "name": "https://support.apple.com/kb/HT209108",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT209108"
            },
            {
              "name": "https://support.apple.com/kb/HT209107",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT209107"
            },
            {
              "name": "https://support.apple.com/kb/HT209106",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT209106"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-04-08T14:18Z",
      "publishedDate": "2019-04-03T18:29Z"
    }
  }
}

CERTFR-2018-AVI-524

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari versions antérieures à 12.0.1
Apple	macOS	macOS Sierra versions antérieures à 10.12.6
Apple	N/A	iOS versions antérieures à 12.1
Apple	N/A	watchOS versions antérieures à 5.1
Apple	macOS	macOS High Sierra versions antérieures à 10.13.6
Apple	N/A	tvOS versions antérieures à 12.1
Apple	N/A	iCloud for Windows versions antérieures à 7.8
Apple	macOS	macOS Mojave versions antérieures à 10.14
Apple	N/A	iTunes versions antérieures à 12.9.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT209192 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209193 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209195 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209196 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209197 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209194 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209198 du 30 octobre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 12.0.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 12.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 12.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud for Windows versions ant\u00e9rieures \u00e0 7.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave versions ant\u00e9rieures \u00e0 10.14",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4310"
    },
    {
      "name": "CVE-2017-14033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
    },
    {
      "name": "CVE-2018-4391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4391"
    },
    {
      "name": "CVE-2018-8777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
    },
    {
      "name": "CVE-2018-4368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4368"
    },
    {
      "name": "CVE-2018-4395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4395"
    },
    {
      "name": "CVE-2018-4425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4425"
    },
    {
      "name": "CVE-2018-4259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4259"
    },
    {
      "name": "CVE-2018-4400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4400"
    },
    {
      "name": "CVE-2018-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4415"
    },
    {
      "name": "CVE-2018-4427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4427"
    },
    {
      "name": "CVE-2018-4369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4369"
    },
    {
      "name": "CVE-2018-4396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4396"
    },
    {
      "name": "CVE-2018-4291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4291"
    },
    {
      "name": "CVE-2017-12618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12618"
    },
    {
      "name": "CVE-2018-4374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4374"
    },
    {
      "name": "CVE-2017-10784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
    },
    {
      "name": "CVE-2018-4350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4350"
    },
    {
      "name": "CVE-2018-4386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4386"
    },
    {
      "name": "CVE-2018-4417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4417"
    },
    {
      "name": "CVE-2018-4331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4331"
    },
    {
      "name": "CVE-2018-4398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4398"
    },
    {
      "name": "CVE-2018-4412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4412"
    },
    {
      "name": "CVE-2018-4420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4420"
    },
    {
      "name": "CVE-2017-14064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
    },
    {
      "name": "CVE-2018-4392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4392"
    },
    {
      "name": "CVE-2018-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4409"
    },
    {
      "name": "CVE-2018-8778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
    },
    {
      "name": "CVE-2018-4419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4419"
    },
    {
      "name": "CVE-2018-4371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4371"
    },
    {
      "name": "CVE-2018-4348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4348"
    },
    {
      "name": "CVE-2018-4382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4382"
    },
    {
      "name": "CVE-2018-4424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4424"
    },
    {
      "name": "CVE-2017-12613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
    },
    {
      "name": "CVE-2018-4288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4288"
    },
    {
      "name": "CVE-2018-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4203"
    },
    {
      "name": "CVE-2017-0898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
    },
    {
      "name": "CVE-2018-8779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
    },
    {
      "name": "CVE-2018-4402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4402"
    },
    {
      "name": "CVE-2018-4377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4377"
    },
    {
      "name": "CVE-2018-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4378"
    },
    {
      "name": "CVE-2018-4341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4341"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2018-4426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4426"
    },
    {
      "name": "CVE-2018-4367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4367"
    },
    {
      "name": "CVE-2018-4399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4399"
    },
    {
      "name": "CVE-2018-4342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4342"
    },
    {
      "name": "CVE-2018-4389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4389"
    },
    {
      "name": "CVE-2018-4403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4403"
    },
    {
      "name": "CVE-2018-4411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4411"
    },
    {
      "name": "CVE-2018-4408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4408"
    },
    {
      "name": "CVE-2018-4375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4375"
    },
    {
      "name": "CVE-2018-4418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4418"
    },
    {
      "name": "CVE-2018-4340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4340"
    },
    {
      "name": "CVE-2018-4394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4394"
    },
    {
      "name": "CVE-2018-4365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4365"
    },
    {
      "name": "CVE-2018-6797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6797"
    },
    {
      "name": "CVE-2018-4308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4308"
    },
    {
      "name": "CVE-2018-4126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4126"
    },
    {
      "name": "CVE-2018-4376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4376"
    },
    {
      "name": "CVE-2017-17742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
    },
    {
      "name": "CVE-2018-4286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4286"
    },
    {
      "name": "CVE-2018-4334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4334"
    },
    {
      "name": "CVE-2018-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4304"
    },
    {
      "name": "CVE-2018-4393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4393"
    },
    {
      "name": "CVE-2018-4354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4354"
    },
    {
      "name": "CVE-2018-4406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4406"
    },
    {
      "name": "CVE-2018-4372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4372"
    },
    {
      "name": "CVE-2018-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
    },
    {
      "name": "CVE-2018-4287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4287"
    },
    {
      "name": "CVE-2018-8780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
    },
    {
      "name": "CVE-2018-6914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
    },
    {
      "name": "CVE-2018-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4423"
    },
    {
      "name": "CVE-2018-4385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4385"
    },
    {
      "name": "CVE-2018-4153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4153"
    },
    {
      "name": "CVE-2018-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
    },
    {
      "name": "CVE-2018-4388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4388"
    },
    {
      "name": "CVE-2018-4373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4373"
    },
    {
      "name": "CVE-2018-4295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4295"
    },
    {
      "name": "CVE-2018-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4416"
    },
    {
      "name": "CVE-2018-4366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4366"
    },
    {
      "name": "CVE-2018-4401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4401"
    },
    {
      "name": "CVE-2018-4410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4410"
    },
    {
      "name": "CVE-2018-4242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4242"
    },
    {
      "name": "CVE-2018-4384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4384"
    },
    {
      "name": "CVE-2018-4422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4422"
    },
    {
      "name": "CVE-2018-4413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4413"
    },
    {
      "name": "CVE-2018-4407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4407"
    },
    {
      "name": "CVE-2018-4346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4346"
    },
    {
      "name": "CVE-2017-17405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
    },
    {
      "name": "CVE-2018-4387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4387"
    },
    {
      "name": "CVE-2018-4326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4326"
    },
    {
      "name": "CVE-2018-4390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4390"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-524",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209192 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209192"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209193 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209193"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209195 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209195"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209196 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209196"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209197 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209197"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209194 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209194"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209198 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209198"
    }
  ]
}

CERTFR-2018-AVI-524

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari versions antérieures à 12.0.1
Apple	macOS	macOS Sierra versions antérieures à 10.12.6
Apple	N/A	iOS versions antérieures à 12.1
Apple	N/A	watchOS versions antérieures à 5.1
Apple	macOS	macOS High Sierra versions antérieures à 10.13.6
Apple	N/A	tvOS versions antérieures à 12.1
Apple	N/A	iCloud for Windows versions antérieures à 7.8
Apple	macOS	macOS Mojave versions antérieures à 10.14
Apple	N/A	iTunes versions antérieures à 12.9.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT209192 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209193 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209195 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209196 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209197 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209194 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209198 du 30 octobre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 12.0.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 12.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 12.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud for Windows versions ant\u00e9rieures \u00e0 7.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave versions ant\u00e9rieures \u00e0 10.14",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4310"
    },
    {
      "name": "CVE-2017-14033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
    },
    {
      "name": "CVE-2018-4391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4391"
    },
    {
      "name": "CVE-2018-8777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
    },
    {
      "name": "CVE-2018-4368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4368"
    },
    {
      "name": "CVE-2018-4395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4395"
    },
    {
      "name": "CVE-2018-4425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4425"
    },
    {
      "name": "CVE-2018-4259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4259"
    },
    {
      "name": "CVE-2018-4400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4400"
    },
    {
      "name": "CVE-2018-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4415"
    },
    {
      "name": "CVE-2018-4427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4427"
    },
    {
      "name": "CVE-2018-4369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4369"
    },
    {
      "name": "CVE-2018-4396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4396"
    },
    {
      "name": "CVE-2018-4291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4291"
    },
    {
      "name": "CVE-2017-12618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12618"
    },
    {
      "name": "CVE-2018-4374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4374"
    },
    {
      "name": "CVE-2017-10784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
    },
    {
      "name": "CVE-2018-4350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4350"
    },
    {
      "name": "CVE-2018-4386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4386"
    },
    {
      "name": "CVE-2018-4417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4417"
    },
    {
      "name": "CVE-2018-4331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4331"
    },
    {
      "name": "CVE-2018-4398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4398"
    },
    {
      "name": "CVE-2018-4412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4412"
    },
    {
      "name": "CVE-2018-4420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4420"
    },
    {
      "name": "CVE-2017-14064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
    },
    {
      "name": "CVE-2018-4392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4392"
    },
    {
      "name": "CVE-2018-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4409"
    },
    {
      "name": "CVE-2018-8778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
    },
    {
      "name": "CVE-2018-4419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4419"
    },
    {
      "name": "CVE-2018-4371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4371"
    },
    {
      "name": "CVE-2018-4348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4348"
    },
    {
      "name": "CVE-2018-4382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4382"
    },
    {
      "name": "CVE-2018-4424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4424"
    },
    {
      "name": "CVE-2017-12613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
    },
    {
      "name": "CVE-2018-4288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4288"
    },
    {
      "name": "CVE-2018-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4203"
    },
    {
      "name": "CVE-2017-0898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
    },
    {
      "name": "CVE-2018-8779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
    },
    {
      "name": "CVE-2018-4402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4402"
    },
    {
      "name": "CVE-2018-4377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4377"
    },
    {
      "name": "CVE-2018-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4378"
    },
    {
      "name": "CVE-2018-4341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4341"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2018-4426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4426"
    },
    {
      "name": "CVE-2018-4367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4367"
    },
    {
      "name": "CVE-2018-4399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4399"
    },
    {
      "name": "CVE-2018-4342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4342"
    },
    {
      "name": "CVE-2018-4389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4389"
    },
    {
      "name": "CVE-2018-4403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4403"
    },
    {
      "name": "CVE-2018-4411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4411"
    },
    {
      "name": "CVE-2018-4408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4408"
    },
    {
      "name": "CVE-2018-4375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4375"
    },
    {
      "name": "CVE-2018-4418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4418"
    },
    {
      "name": "CVE-2018-4340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4340"
    },
    {
      "name": "CVE-2018-4394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4394"
    },
    {
      "name": "CVE-2018-4365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4365"
    },
    {
      "name": "CVE-2018-6797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6797"
    },
    {
      "name": "CVE-2018-4308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4308"
    },
    {
      "name": "CVE-2018-4126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4126"
    },
    {
      "name": "CVE-2018-4376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4376"
    },
    {
      "name": "CVE-2017-17742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
    },
    {
      "name": "CVE-2018-4286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4286"
    },
    {
      "name": "CVE-2018-4334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4334"
    },
    {
      "name": "CVE-2018-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4304"
    },
    {
      "name": "CVE-2018-4393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4393"
    },
    {
      "name": "CVE-2018-4354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4354"
    },
    {
      "name": "CVE-2018-4406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4406"
    },
    {
      "name": "CVE-2018-4372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4372"
    },
    {
      "name": "CVE-2018-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
    },
    {
      "name": "CVE-2018-4287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4287"
    },
    {
      "name": "CVE-2018-8780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
    },
    {
      "name": "CVE-2018-6914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
    },
    {
      "name": "CVE-2018-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4423"
    },
    {
      "name": "CVE-2018-4385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4385"
    },
    {
      "name": "CVE-2018-4153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4153"
    },
    {
      "name": "CVE-2018-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
    },
    {
      "name": "CVE-2018-4388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4388"
    },
    {
      "name": "CVE-2018-4373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4373"
    },
    {
      "name": "CVE-2018-4295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4295"
    },
    {
      "name": "CVE-2018-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4416"
    },
    {
      "name": "CVE-2018-4366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4366"
    },
    {
      "name": "CVE-2018-4401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4401"
    },
    {
      "name": "CVE-2018-4410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4410"
    },
    {
      "name": "CVE-2018-4242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4242"
    },
    {
      "name": "CVE-2018-4384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4384"
    },
    {
      "name": "CVE-2018-4422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4422"
    },
    {
      "name": "CVE-2018-4413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4413"
    },
    {
      "name": "CVE-2018-4407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4407"
    },
    {
      "name": "CVE-2018-4346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4346"
    },
    {
      "name": "CVE-2017-17405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
    },
    {
      "name": "CVE-2018-4387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4387"
    },
    {
      "name": "CVE-2018-4326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4326"
    },
    {
      "name": "CVE-2018-4390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4390"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-524",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209192 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209192"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209193 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209193"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209195 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209195"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209196 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209196"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209197 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209197"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209194 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209194"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209198 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209198"
    }
  ]
}

FKIE_CVE-2018-4412

Vulnerability from fkie_nvd - Published: 2019-04-03 18:29 - Updated: 2024-11-21 04:07

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/kb/HT209106	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT209107	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT209108	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT209139	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT209140	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT209141	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT209193	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT209106	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT209107	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT209108	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT209139	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT209140	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT209141	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT209193	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	iphone_os	*
apple	mac_os_x	*
apple	tvos	*
apple	watchos	*
apple	icloud	*
apple	itunes	*
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37A59AD6-A000-48BE-A575-D1A39DCB0D88",
              "versionEndExcluding": "12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E2491B4-5132-44CF-AB9A-FAC1926FE66E",
              "versionEndExcluding": "10.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "072DC7F5-B539-478D-B566-7F3FF2BC2671",
              "versionEndExcluding": "12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "397E2910-7F1A-4576-B28D-E5796DE20CC8",
              "versionEndExcluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E92A7FC9-12AE-4E07-BA72-0A4075119426",
              "versionEndExcluding": "7.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48FFD64E-C6DE-41EA-A70C-3E25F133901F",
              "versionEndExcluding": "12.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7."
    },
    {
      "lang": "es",
      "value": "Un problema de corrupci\u00f3n de memoria se abord\u00f3 con una validaci\u00f3n de entradas mejorada. El problema afectaba a iOS en versiones anteriores a la 12, macOS Mojave en versiones anteriores a la 10.14, tvOS en versiones anteriores a la 12, watchOS en versiones anteriores a la 5, iTunes en versiones anteriores a la 12.9 para Windows y iCloud para Windows en versiones anteriores a la 7.7."
    }
  ],
  "id": "CVE-2018-4412",
  "lastModified": "2024-11-21T04:07:21.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-03T18:29:14.033",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209106"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209107"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209108"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209139"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209140"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209141"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT209193"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201904-1372

Vulnerability from variot - Updated: 2023-12-18 11:43

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. macOS High Sierra is its next generation. CoreFoundation is one of the C language application programming interface (API) components. A security vulnerability exists in the CoreFoundation component of Apple macOS Sierra version 10.12.6 and macOS High Sierra version 10.13.6. An attacker could exploit this vulnerability with a malicious application to elevate privileges (memory corruption). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2018-10-30-13 Additional information for APPLE-SA-2018-9-24-2 iTunes 12.9 for Windows

iTunes 12.9 for Windows addresses the following:

CFNetwork Available for: Windows 7 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018

CoreFoundation Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018

CoreFoundation Available for: Windows 7 and later Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018

CoreText Available for: Windows 7 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4197: Ivan Fratric of Google Project Zero CVE-2018-4306: Ivan Fratric of Google Project Zero CVE-2018-4312: Ivan Fratric of Google Project Zero CVE-2018-4314: Ivan Fratric of Google Project Zero CVE-2018-4315: Ivan Fratric of Google Project Zero CVE-2018-4317: Ivan Fratric of Google Project Zero CVE-2018-4318: Ivan Fratric of Google Project Zero

WebKit Available for: Windows 7 and later Impact: A malicious website may exfiltrate image data cross-origin Description: A cross-site scripting issue existed in Safari. CVE-2018-4191: found by OSS-Fuzz

WebKit Available for: Windows 7 and later Impact: Cross-origin SecurityErrors includes the accessed frame's origin Description: The issue was addressed by removing origin information. CVE-2018-4311: Erling Alf Ellingsen (@steike)

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo) CVE-2018-4360: William Bowling (@wcbowling) Entry added October 30, 2018

WebKit Available for: Windows 7 and later Impact: A malicious website may cause unexepected cross-origin behavior Description: A cross-origin issue existed with "iframe" elements. CVE-2018-4319: John Pettitt of Google

WebKit Available for: Windows 7 and later Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative

WebKit Available for: Windows 7 and later Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by OSS-Fuzz

Additional recognition

SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.

WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.

Installation note:

iTunes 12.9 for Windows may be obtained from: https://www.apple.com/itunes/download/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3H36BAA kOdio5aQDT6TT5y302gTD8IRudSct/JHVCjMbaEU4Q28RKb5yumU3j+x3QylMwx8 n60VkwST8bzxjffZa+ER8F+8+NdPdcWtyYPHauEOt/ICKWLmxXZr3JIXk1XIxwz2 I9Ca9kkO+q6lWSjYVk44ZnEplEj4UctE8FoDTCXOsaATcPOeNGZttxjHBZLEnMHg 7vcFaJ7fQQf3ECuZG7HLXWvelQCzOSR1dNXUeAXTPoVrKAEBRk7Z8/UlB/mRYntv 0GSaJZCIMO8r/TwS/+KWzHgtRREusR9Sk827yDVZoqL8q3mMprIoospOiHsezEnq RReMU2sNCc6mm2x28gnZrjQgxPL4abwV+z/P8oloOjnN3gydUnQXFM606z2ZCp2y GgjrnIjLtlri1rx1wLccqMPi2GZFmOcNvgPBBuHfWj5GpPjE6ILWXcy6cg+hfgD9 CCUMqJFTW3gclGjno5nfqq7yaxJaD+CniGNhFxZxhOVbTXzMQ7T24biUz+ulr0Ip Yi11Xlb+xUk9SGP0ioci9nsfV8MAKy4eb/JpDIXBkQL9LWzp4z+gYeoNUZOyK9pB Mr3Kn15K76ApsoBFkFNI2AXwvXFtda5no5jy7EarbefmyD1BA0W9Tfg1kJEmh1J5 cdFwOCALT9HHUn7bccDIPvQlVH/sgEjVkMRapHl72SE= =5IB1 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1372",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "apple",
        "version": "10.14"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.9"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.7"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.12.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.13.6"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 7.7   (windows 7 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12   (ipad air or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12   (iphone 5s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12   (ipod touch first  6 generation )"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 12.9   (windows 7 or later )"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12   (apple tv 4k)"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12   (apple tv first  4 generation )"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5   (apple watch series 1 or later )"
      },
      {
        "model": "macos mojave",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.14 earlier"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.7 earlier"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.0.1 earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007762"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008148"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4412"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.14",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.7",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.9",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4412"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The UK\u0027s National Cyber Security Centre (NCSC)",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1515"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-4412",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-4412",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-134443",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-4412",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-4412",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-1515",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134443",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-4412",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014890"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1515"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. macOS High Sierra is its next generation. CoreFoundation is one of the C language application programming interface (API) components. A security vulnerability exists in the CoreFoundation component of Apple macOS Sierra version 10.12.6 and macOS High Sierra version 10.13.6. An attacker could exploit this vulnerability with a malicious application to elevate privileges (memory corruption). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-10-30-13 Additional information for\nAPPLE-SA-2018-9-24-2 iTunes 12.9 for Windows\n\niTunes 12.9 for Windows addresses the following:\n\nCFNetwork\nAvailable for: Windows 7 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nCoreFoundation\nAvailable for: Windows 7 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4412: The UK\u0027s National Cyber Security Centre (NCSC)\nEntry added October 30, 2018\n\nCoreFoundation\nAvailable for: Windows 7 and later\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4414: The UK\u0027s National Cyber Security Centre (NCSC)\nEntry added October 30, 2018\n\nCoreText\nAvailable for: Windows 7 and later\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2018-4347: an anonymous researcher\nEntry added October 30, 2018\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2018-4197: Ivan Fratric of Google Project Zero\nCVE-2018-4306: Ivan Fratric of Google Project Zero\nCVE-2018-4312: Ivan Fratric of Google Project Zero\nCVE-2018-4314: Ivan Fratric of Google Project Zero\nCVE-2018-4315: Ivan Fratric of Google Project Zero\nCVE-2018-4317: Ivan Fratric of Google Project Zero\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: A malicious website may exfiltrate image data cross-origin\nDescription: A cross-site scripting issue existed in Safari. \nCVE-2018-4191: found by OSS-Fuzz\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Cross-origin SecurityErrors includes the accessed frame\u0027s\norigin\nDescription: The issue was addressed by removing origin information. \nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan\nTeam\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro\u0027s Zero\nDay Initiative\nCVE-2018-4323: Ivan Fratric of Google Project Zero\nCVE-2018-4328: Ivan Fratric of Google Project Zero\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with\nTrend Micro\u0027s Zero Day Initiative\nCVE-2018-4359: Samuel GroA (@5aelo)\nCVE-2018-4360: William Bowling (@wcbowling)\nEntry added October 30, 2018\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: A malicious website may cause unexepected cross-origin\nbehavior\nDescription: A cross-origin issue existed with \"iframe\" elements. \nCVE-2018-4319: John Pettitt of Google\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: A malicious website may be able to execute scripts in the\ncontext of another website\nDescription: A cross-site scripting issue existed in Safari. \nCVE-2018-4309: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Unexpected interaction causes an ASSERT failure\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2018-4361: found by OSS-Fuzz\n\nAdditional recognition\n\nSQLite\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nWebKit\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360\nVuclan team, Tencent Keen Security Lab working with Trend Micro\u0027s\nZero Day Initiative, and Zach Malone of CA Technologies for their\nassistance. \n\nInstallation note:\n\niTunes 12.9 for Windows may be obtained from:\nhttps://www.apple.com/itunes/download/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3H36BAA\nkOdio5aQDT6TT5y302gTD8IRudSct/JHVCjMbaEU4Q28RKb5yumU3j+x3QylMwx8\nn60VkwST8bzxjffZa+ER8F+8+NdPdcWtyYPHauEOt/ICKWLmxXZr3JIXk1XIxwz2\nI9Ca9kkO+q6lWSjYVk44ZnEplEj4UctE8FoDTCXOsaATcPOeNGZttxjHBZLEnMHg\n7vcFaJ7fQQf3ECuZG7HLXWvelQCzOSR1dNXUeAXTPoVrKAEBRk7Z8/UlB/mRYntv\n0GSaJZCIMO8r/TwS/+KWzHgtRREusR9Sk827yDVZoqL8q3mMprIoospOiHsezEnq\nRReMU2sNCc6mm2x28gnZrjQgxPL4abwV+z/P8oloOjnN3gydUnQXFM606z2ZCp2y\nGgjrnIjLtlri1rx1wLccqMPi2GZFmOcNvgPBBuHfWj5GpPjE6ILWXcy6cg+hfgD9\nCCUMqJFTW3gclGjno5nfqq7yaxJaD+CniGNhFxZxhOVbTXzMQ7T24biUz+ulr0Ip\nYi11Xlb+xUk9SGP0ioci9nsfV8MAKy4eb/JpDIXBkQL9LWzp4z+gYeoNUZOyK9pB\nMr3Kn15K76ApsoBFkFNI2AXwvXFtda5no5jy7EarbefmyD1BA0W9Tfg1kJEmh1J5\ncdFwOCALT9HHUn7bccDIPvQlVH/sgEjVkMRapHl72SE=\n=5IB1\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007762"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008148"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4412"
      },
      {
        "db": "PACKETSTORM",
        "id": "150115"
      },
      {
        "db": "PACKETSTORM",
        "id": "150114"
      }
    ],
    "trust": 3.42
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-4412",
        "trust": 2.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99356481",
        "trust": 1.6
      },
      {
        "db": "JVN",
        "id": "JVNVU92800088",
        "trust": 1.6
      },
      {
        "db": "JVN",
        "id": "JVNVU93341447",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014890",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007762",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008148",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1515",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-134443",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4412",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150115",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150114",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007762"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008148"
      },
      {
        "db": "PACKETSTORM",
        "id": "150115"
      },
      {
        "db": "PACKETSTORM",
        "id": "150114"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1515"
      }
    ]
  },
  "id": "VAR-201904-1372",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134443"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:43:58.880000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT209141",
        "trust": 1.6,
        "url": "https://support.apple.com/en-us/ht209141"
      },
      {
        "title": "HT209139",
        "trust": 1.6,
        "url": "https://support.apple.com/en-us/ht209139"
      },
      {
        "title": "HT209140",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209140"
      },
      {
        "title": "HT209193",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209193"
      },
      {
        "title": "HT209106",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209106"
      },
      {
        "title": "HT209107",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209107"
      },
      {
        "title": "HT209108",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209108"
      },
      {
        "title": "HT209141",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht209141"
      },
      {
        "title": "HT209193",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht209193"
      },
      {
        "title": "HT209106",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht209106"
      },
      {
        "title": "HT209107",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht209107"
      },
      {
        "title": "HT209108",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht209108"
      },
      {
        "title": "HT209139",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht209139"
      },
      {
        "title": "HT209140",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht209140"
      },
      {
        "title": "About the security content of iOS 12.0.1",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209162"
      },
      {
        "title": "Apple macOS CoreFoundation Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86493"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007762"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008148"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1515"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134443"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014890"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4412"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht209106"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht209107"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht209108"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht209139"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht209140"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht209141"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht209193"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4412"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4412"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93341447/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99356481/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92800088/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99356481/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu92800088"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4323"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4319"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4318"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4191"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4361"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4309"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4311"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4315"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4414"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4197"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4126"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4345"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4316"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4359"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4317"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4306"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4358"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4312"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4328"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4314"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4360"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4299"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4347"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2018/nov/19"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht204283"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/download/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007762"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008148"
      },
      {
        "db": "PACKETSTORM",
        "id": "150115"
      },
      {
        "db": "PACKETSTORM",
        "id": "150114"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1515"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-134443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007762"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008148"
      },
      {
        "db": "PACKETSTORM",
        "id": "150115"
      },
      {
        "db": "PACKETSTORM",
        "id": "150114"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1515"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134443"
      },
      {
        "date": "2019-04-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4412"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014890"
      },
      {
        "date": "2018-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007762"
      },
      {
        "date": "2018-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008148"
      },
      {
        "date": "2018-10-31T16:10:39",
        "db": "PACKETSTORM",
        "id": "150115"
      },
      {
        "date": "2018-10-31T16:10:29",
        "db": "PACKETSTORM",
        "id": "150114"
      },
      {
        "date": "2019-04-03T18:29:14.033000",
        "db": "NVD",
        "id": "CVE-2018-4412"
      },
      {
        "date": "2018-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1515"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134443"
      },
      {
        "date": "2019-04-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4412"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014890"
      },
      {
        "date": "2018-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007762"
      },
      {
        "date": "2018-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008148"
      },
      {
        "date": "2019-04-08T14:18:17.767000",
        "db": "NVD",
        "id": "CVE-2018-4412"
      },
      {
        "date": "2019-04-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1515"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1515"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Memory corruption vulnerability in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014890"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1515"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-4412 (GCVE-0-2018-4412)

GHSA-6H75-3WP6-5JW3

CNVD-2018-22960

GSD-2018-4412

CERTFR-2018-AVI-524

Solution

CERTFR-2018-AVI-524

Solution

FKIE_CVE-2018-4412

VAR-201904-1372

Tags

Sightings

Nomenclature