ID

VAR-201804-1164


CVE

CVE-2018-4164


TITLE

Vulnerabilities in the LLVM component of Apple Xcode

Trust: 0.8

sources: JVNDB: JVNDB-2018-003657

DESCRIPTION

An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component. Attackers can exploit these issues to perform unauthorized actions.

Apple Xcode is an integrated development environment provided by Apple to developers. It is mainly used to develop applications for Mac OS X and iOS. LLVM (Low Level Virtual Machine) is a compiler framework developed by the LLVM team. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements.

APPLE-SA-2018-3-29-4 Xcode 9.3

Xcode 9.3 is now available and addresses the following:

LLVM
Available for: macOS High Sierra 10.13.2 or later
Impact: Multiple issues in llvm were addressed in this update
Description: Multiple issues were addressed by updating to the current version of LLVM shipping with Xcode.
CVE-2018-4164: found by OSS-Fuzz

Installation note:

Xcode 9.3 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "9.3".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.16

sources: NVD: CVE-2018-4164 // JVNDB: JVNDB-2018-003657 // BID: 103583 // VULHUB: VHN-134195 // VULMON: CVE-2018-4164 // PACKETSTORM: 146967

AFFECTED PRODUCTS

vendor: apple, model: xcode, scope: lt, version: 9.3

Trust: 1.0

vendor: apple, model: xcode, scope: eq, version: 4.4

Trust: 0.9

vendor: apple, model: xcode, scope: eq, version: 4.3.3

Trust: 0.9

vendor: apple, model: xcode, scope: eq, version: 4.3.2

Trust: 0.9

vendor: apple, model: xcode, scope: eq, version: 4.3.1

Trust: 0.9

vendor: apple, model: xcode, scope: eq, version: 4.3

Trust: 0.9

vendor: apple, model: xcode, scope: eq, version: 4.2.1

Trust: 0.9

vendor: apple, model: xcode, scope: eq, version: 4.2

Trust: 0.9

vendor: apple, model: xcode, scope: eq, version: 4.1.1

Trust: 0.9

vendor: apple, model: xcode, scope: eq, version: 4.0.2

Trust: 0.9

vendor: apple, model: xcode, scope: eq, version: 4.0.1

Trust: 0.9

vendor: apple, model: xcode, scope: lt, version: 9.3 (macos high sierra 10.13.2 or later)

Trust: 0.8

vendor: apple, model: xcode, scope: eq, version: 7.3.1

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 6.0.1

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 2.4.1

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 9

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 8.1

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 8

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 7.3

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 7.2

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 7.1

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 7.0

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 6.3

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 6.2

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 6.0

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 5.0

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 4.0

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 3.2.5

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 3.2.4

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 3.2.3

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 3.2.1

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 3.1.4

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 3.1.3

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 3.1.2

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 3.1.1

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 3.0

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 2.3

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 2.2

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 2.1

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 2.0

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 1.5

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.13.4

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.13.3

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.13.2

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.13

Trust: 0.3

vendor: apple, model: xcode, scope: ne, version: 9.3

Trust: 0.3

sources: BID: 103583 // JVNDB: JVNDB-2018-003657 // CNNVD: CNNVD-201804-147 // NVD: CVE-2018-4164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4164
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-4164
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201804-147
value: CRITICAL

Trust: 0.6

VULHUB: VHN-134195
value: HIGH

Trust: 0.1

VULMON: CVE-2018-4164
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4164
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134195
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4164
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134195 // VULMON: CVE-2018-4164 // JVNDB: JVNDB-2018-003657 // CNNVD: CNNVD-201804-147 // NVD: CVE-2018-4164

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2018-4164

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-147

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-147

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003657

PATCH

title: HT208699, url: https://support.apple.com/en-us/HT208699

Trust: 0.8

title: HT208699, url: https://support.apple.com/ja-jp/HT208699

Trust: 0.8

title: Apple Xcode LLVM Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82999

Trust: 0.6

title: Apple: Xcode 9.3, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=79dc4e2e085828ab0b945239fa80409e

Trust: 0.1

sources: VULMON: CVE-2018-4164 // JVNDB: JVNDB-2018-003657 // CNNVD: CNNVD-201804-147

EXTERNAL IDS

db: NVD, id: CVE-2018-4164

Trust: 3.0

db: BID, id: 103583

Trust: 1.5

db: SECTRACK, id: 1040610

Trust: 1.2

db: JVN, id: JVNVU92378299

Trust: 0.8

db: JVNDB, id: JVNDB-2018-003657

Trust: 0.8

db: CNNVD, id: CNNVD-201804-147

Trust: 0.7

db: PACKETSTORM, id: 146967

Trust: 0.2

db: VULHUB, id: VHN-134195

Trust: 0.1

db: VULMON, id: CVE-2018-4164

Trust: 0.1

sources: VULHUB: VHN-134195 // VULMON: CVE-2018-4164 // BID: 103583 // JVNDB: JVNDB-2018-003657 // PACKETSTORM: 146967 // CNNVD: CNNVD-201804-147 // NVD: CVE-2018-4164

REFERENCES

url:https://support.apple.com/ht208699

Trust: 1.8

url:http://lists.llvm.org/pipermail/llvm-commits/

Trust: 1.8

url:http://releases.llvm.org/

Trust: 1.8

url:https://developer.apple.com/library/content/releasenotes/developertools/rn-xcode/chapters/introduction.html

Trust: 1.8

url:http://www.securityfocus.com/bid/103583

Trust: 1.3

url:http://www.securitytracker.com/id/1040610

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4164

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4164

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92378299/index.html

Trust: 0.8

url:https://developer.apple.com/xcode/

Trust: 0.3

url:https://support.apple.com/en-ie/ht208699

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht208699

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://developer.apple.com/xcode/downloads/

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

sources: VULHUB: VHN-134195 // VULMON: CVE-2018-4164 // BID: 103583 // JVNDB: JVNDB-2018-003657 // PACKETSTORM: 146967 // CNNVD: CNNVD-201804-147 // NVD: CVE-2018-4164

CREDITS

OSS-Fuzz

Trust: 0.3

sources: BID: 103583

SOURCES

db: VULHUB, id: VHN-134195
db: VULMON, id: CVE-2018-4164
db: BID, id: 103583
db: JVNDB, id: JVNDB-2018-003657
db: PACKETSTORM, id: 146967
db: CNNVD, id: CNNVD-201804-147
db: NVD, id: CVE-2018-4164

LAST UPDATE DATE

2024-08-14T12:38:18.766000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-134195, date: 2018-05-04T00:00:00
db: VULMON, id: CVE-2018-4164, date: 2018-05-04T00:00:00
db: BID, id: 103583, date: 2018-03-29T00:00:00
db: JVNDB, id: JVNDB-2018-003657, date: 2018-05-31T00:00:00
db: CNNVD, id: CNNVD-201804-147, date: 2018-04-09T00:00:00
db: NVD, id: CVE-2018-4164, date: 2018-05-04T14:41:24.253

SOURCES RELEASE DATE

db: VULHUB, id: VHN-134195, date: 2018-04-03T00:00:00
db: VULMON, id: CVE-2018-4164, date: 2018-04-03T00:00:00
db: BID, id: 103583, date: 2018-03-29T00:00:00
db: JVNDB, id: JVNDB-2018-003657, date: 2018-05-31T00:00:00
db: PACKETSTORM, id: 146967, date: 2018-03-30T15:53:11
db: CNNVD, id: CNNVD-201804-147, date: 2018-04-03T00:00:00
db: NVD, id: CVE-2018-4164, date: 2018-04-03T06:29:07.610