ID

VAR-201804-1143


CVE

CVE-2018-4083


TITLE

Apple macOS Touch Bar Support component vulnerability allowing execution of arbitrary code in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2018-003668

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Touch Bar Support" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to a memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions. Versions prior to macOS 10.13.3 are vulnerable. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers.

Trust: 1.98

sources: NVD: CVE-2018-4083 // JVNDB: JVNDB-2018-003668 // BID: 103330 // VULHUB: VHN-134114

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: eq // version: 10.12.6

Trust: 1.4

vendor: apple // model: mac os x // scope: lt // version: 10.13.3

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.13.2

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.10.1

Trust: 0.6

vendor: apple // model: mac os x // scope: eq // version: 10.13.0

Trust: 0.6

vendor: apple // model: mac os x // scope: eq // version: 10.12.2

Trust: 0.6

vendor: apple // model: mac os x // scope: eq // version: 10.12.3

Trust: 0.6

vendor: apple // model: mac os x // scope: eq // version: 10.1.5

Trust: 0.6

vendor: apple // model: mac os x // scope: eq // version: 10.9.5

Trust: 0.6

vendor: apple // model: mac os x // scope: eq // version: 10.12.5

Trust: 0.6

vendor: apple // model: mac os x // scope: eq // version: 10.1.4

Trust: 0.6

vendor: apple // model: mac os x // scope: eq // version: 10.12.4

Trust: 0.6

vendor: apple // model: macos // scope: eq // version: 10.13.1

Trust: 0.3

vendor: apple // model: macos // scope: eq // version: 10.13.2

Trust: 0.3

vendor: apple // model: macos // scope: eq // version: 10.13

Trust: 0.3

vendor: apple // model: macos // scope: eq // version: 10.12.6

Trust: 0.3

vendor: apple // model: macos // scope: eq // version: 10.12.5

Trust: 0.3

vendor: apple // model: macos // scope: eq // version: 10.12.4

Trust: 0.3

vendor: apple // model: macos // scope: eq // version: 10.12.3

Trust: 0.3

vendor: apple // model: macos // scope: eq // version: 10.12.2

Trust: 0.3

vendor: apple // model: macos // scope: eq // version: 10.12.1

Trust: 0.3

vendor: apple // model: macos // scope: eq // version: 10.12

Trust: 0.3

vendor: apple // model: macos // scope: ne // version: 10.13.3

Trust: 0.3

sources: BID: 103330 // JVNDB: JVNDB-2018-003668 // CNNVD: CNNVD-201803-1100 // NVD: CVE-2018-4083

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4083
value: HIGH

Trust: 1.0

NVD: CVE-2018-4083
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201803-1100
value: CRITICAL

Trust: 0.6

VULHUB: VHN-134114
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4083
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134114
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4083
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134114 // JVNDB: JVNDB-2018-003668 // CNNVD: CNNVD-201803-1100 // NVD: CVE-2018-4083

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134114 // JVNDB: JVNDB-2018-003668 // NVD: CVE-2018-4083

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1100

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201803-1100

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003668

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-134114

PATCH

title: HT208465 // url: https://support.apple.com/en-us/HT208465

Trust: 0.8

title: HT208465 // url: https://support.apple.com/ja-jp/HT208465

Trust: 0.8

title: Apple macOS High Sierra Touch Bar Support Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82854

Trust: 0.6

sources: JVNDB: JVNDB-2018-003668 // CNNVD: CNNVD-201803-1100

EXTERNAL IDS

db: NVD // id: CVE-2018-4083

Trust: 2.8

db: EXPLOIT-DB // id: 44007

Trust: 1.1

db: BID // id: 103330

Trust: 1.0

db: JVN // id: JVNVU99446427

Trust: 0.8

db: JVNDB // id: JVNDB-2018-003668

Trust: 0.8

db: CNNVD // id: CNNVD-201803-1100

Trust: 0.7

db: PACKETSTORM // id: 146312

Trust: 0.1

db: VULHUB // id: VHN-134114

Trust: 0.1

sources: VULHUB: VHN-134114 // BID: 103330 // JVNDB: JVNDB-2018-003668 // CNNVD: CNNVD-201803-1100 // NVD: CVE-2018-4083

REFERENCES

url:https://support.apple.com/ht208465

Trust: 1.7

url:https://www.exploit-db.com/exploits/44007/

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4083

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99446427/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4083

Trust: 0.8

url:http://www.securityfocus.com/bid/103330

Trust: 0.6

url:https://bugs.chromium.org/p/project-zero/issues/detail?id=1430

Trust: 0.3

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://support.apple.com/en-il/ht208465

Trust: 0.3

sources: VULHUB: VHN-134114 // BID: 103330 // JVNDB: JVNDB-2018-003668 // CNNVD: CNNVD-201803-1100 // NVD: CVE-2018-4083

CREDITS

Ian Beer of Google Project Zero

Trust: 0.9

sources: BID: 103330 // CNNVD: CNNVD-201803-1100

SOURCES

db: VULHUB // id: VHN-134114
db: BID // id: 103330
db: JVNDB // id: JVNDB-2018-003668
db: CNNVD // id: CNNVD-201803-1100
db: NVD // id: CVE-2018-4083

LAST UPDATE DATE

2024-11-23T19:54:36.048000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-134114 // date: 2018-04-27T00:00:00
db: BID // id: 103330 // date: 2018-02-09T00:00:00
db: JVNDB // id: JVNDB-2018-003668 // date: 2018-06-01T00:00:00
db: CNNVD // id: CNNVD-201803-1100 // date: 2018-03-30T00:00:00
db: NVD // id: CVE-2018-4083 // date: 2024-11-21T04:06:42.637

SOURCES RELEASE DATE

db: VULHUB // id: VHN-134114 // date: 2018-04-03T00:00:00
db: BID // id: 103330 // date: 2018-02-09T00:00:00
db: JVNDB // id: JVNDB-2018-003668 // date: 2018-06-01T00:00:00
db: CNNVD // id: CNNVD-201803-1100 // date: 2018-03-30T00:00:00
db: NVD // id: CVE-2018-4083 // date: 2018-04-03T06:29:02.890