Details of VAR-201806-1447

ID

VAR-201806-1447

CVE

CVE-2018-4243

TITLE

plural Apple Buffer overflow vulnerability in product kernel component

Trust: 0.8

sources: JVNDB: JVNDB-2018-005519

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.4; macOS High Sierra prior to 10.13.5; tvOS prior to 11.4; watchOS prior to 4.3.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and Security Update 2018-003 El Capitan address the following: Accessibility Framework Available for: macOS High Sierra 10.13.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An information disclosure issue existed in Accessibility Framework. This issue was addressed with improved memory management. CVE-2018-4196: G. Geshev working with Trend Micro's Zero Day Initiative, an anonymous researcher AMD Available for: macOS High Sierra 10.13.4 Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2018-4253: shrek_wzw of Qihoo 360 Nirvan Team apache_mod_php Available for: macOS High Sierra 10.13.4 Impact: Issues in php were addressed in this update Description: This issue was addressed by updating to php version 7.1.16. CVE-2018-7584: Wei Lei and Liu Yang of Nanyang Technological University ATS Available for: macOS High Sierra 10.13.4 Impact: A malicious application may be able to elevate privileges Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4219: Mohamed Ghannam (@_simo36) Bluetooth Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6 Impact: A malicious application may be able to determine kernel memory layout. Description: An information disclosure issue existed in device properties. This issue was addressed with improved object management. CVE-2018-4171: shrek_wzw of Qihoo 360 Nirvan Team Bluetooth Available for: MacBook Pro (Retina, 15-inch, Mid 2015), MacBook Pro (Retina, 15-inch, 2015), MacBook Pro (Retina, 13-inch, Early 2015), MacBook Pro (15-inch, 2017), MacBook Pro (15-inch, 2016), MacBook Pro (13-inch, Late 2016, Two Thunderbolt 3 Ports), MacBook Pro (13-inch, Late 2016, Four Thunderbolt 3 Ports), MacBook Pro (13-inch, 2017, Four Thunderbolt 3 Ports), MacBook (Retina, 12-inch, Early 2016), MacBook (Retina, 12-inch, Early 2015), MacBook (Retina, 12-inch, 2017), iMac Pro, iMac (Retina 5K, 27-inch, Late 2015), iMac (Retina 5K, 27-inch, 2017), iMac (Retina 4K, 21.5-inch, Late 2015), iMac (Retina 4K, 21.5-inch, 2017), iMac (21.5-inch, Late 2015), and iMac (21.5-inch, 2017) Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham Entry added July 23, 2018 Firmware Available for: macOS High Sierra 10.13.4 Impact: A malicious application with root privileges may be able to modify the EFI flash memory region Description: A device configuration issue was addressed with an updated configuration. CVE-2018-4251: Maxim Goryachy and Mark Ermolov FontParser Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team Grand Central Dispatch Available for: macOS High Sierra 10.13.4 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An issue existed in parsing entitlement plists. This issue was addressed with improved input validation. CVE-2018-4229: Jakob Rieck (@0xdead10cc) of the Security in Distributed Systems Group, University of Hamburg Graphics Drivers Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4159: Axis and pjf of IceSword Lab of Qihoo 360 Hypervisor Available for: macOS High Sierra 10.13.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team iBooks Available for: macOS High Sierra 10.13.4 Impact: An attacker in a privileged network position may be able to spoof password prompts in iBooks Description: An input validation issue was addressed with improved input validation. CVE-2018-4202: Jerry Decime Intel Graphics Driver Available for: macOS High Sierra 10.13.4 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4141: an anonymous researcher, Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team IOFireWireAVC Available for: macOS High Sierra 10.13.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2018-4228: Benjamin Gnahm (@mitp0sh) of Mentor Graphics IOGraphics Available for: macOS High Sierra 10.13.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4236: Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team IOHIDFamily Available for: macOS High Sierra 10.13.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4234: Proteas of Qihoo 360 Nirvan Team Kernel Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. Kernel Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: In some circumstances, some operating systems may not expect or properly handle an Intel architecture debug exception after certain instructions. The issue appears to be from an undocumented side effect of the instructions. An attacker might utilize this exception handling to gain access to Ring 0 and access sensitive memory or control operating system processes. CVE-2018-8897: Andy Lutomirski, Nick Peterson (linkedin.com/in/everdox) of Everdox Tech LLC Kernel Available for: macOS High Sierra 10.13.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2018-4241: Ian Beer of Google Project Zero CVE-2018-4243: Ian Beer of Google Project Zero libxpc Available for: macOS High Sierra 10.13.4 Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved validation. CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative Mail Available for: macOS High Sierra 10.13.4 Impact: An attacker may be able to exfiltrate the contents of S/MIME-encrypted e-mail Description: An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. CVE-2018-4227: Damian Poddebniak of MA1/4nster University of Applied Sciences, Christian Dresen of MA1/4nster University of Applied Sciences , Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster University of Applied Sciences, Sebastian Schinzel of MA1/4nster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University Bochum Messages Available for: macOS High Sierra 10.13.4 Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation. CVE-2018-4235: Anurodh Pokharel of Salesforce.com Messages Available for: macOS High Sierra 10.13.4 Impact: Processing a maliciously crafted message may lead to a denial of service Description: This issue was addressed with improved message validation. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd NVIDIA Graphics Drivers Available for: macOS High Sierra 10.13.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2018-4230: Ian Beer of Google Project Zero Security Available for: macOS High Sierra 10.13.4 Impact: A local user may be able to read a persistent account identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4223: Abraham Masri (@cheesecakeufo) Security Available for: macOS High Sierra 10.13.4 Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in the handling of S-MIME certificaties. This issue was addressed with improved validation of S-MIME certificates. CVE-2018-4221: Damian Poddebniak of MA1/4nster University of Applied Sciences, Christian Dresen of MA1/4nster University of Applied Sciences , Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster University of Applied Sciences, Sebastian Schinzel of MA1/4nster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University Bochum Security Available for: macOS High Sierra 10.13.4 Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo) Security Available for: macOS High Sierra 10.13.4 Impact: A local user may be able to modify the state of the Keychain Description: An authorization issue was addressed with improved state management. CVE-2018-4225: Abraham Masri (@cheesecakeufo) Security Available for: macOS High Sierra 10.13.4 Impact: A local user may be able to view sensitive user information Description: An authorization issue was addressed with improved state management. CVE-2018-4226: Abraham Masri (@cheesecakeufo) Speech Available for: macOS High Sierra 10.13.4 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A sandbox issue existed in the handling of microphone access. This issue was addressed with improved handling of microphone access. CVE-2018-4184: Jakob Rieck (@0xdead10cc) of the Security in Distributed Systems Group, University of Hamburg UIKit Available for: macOS High Sierra 10.13.4 Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A validation issue existed in the handling of text. This issue was addressed with improved validation of text. CVE-2018-4198: Hunter Byrnes Windows Server Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4193: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative, Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative Installation note: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and Security Update 2018-003 El Capitan may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltUsfgACgkQ8ecVjteJ iCafWxAAhgLQIu5BifHdgdN31zuPc8tIhsIAuDiAOXJX9JopRhlbs9KrQCNdz/x2 qDiCmneKttwVIhu9Os3WHLNrSxiWCphz7zhD2WIhN3H7/eF9CE2Po8BJHeZGm22K grdfcc27eGN8AusFxRZ1HfhtCToDVNVDkbwO2nnZ0odEO1cZS8Ray2vcgcX0tRD/ X44amocIlVmC67GgwCH4+MSCdjyXcr6HSYiUcRSOuUFTWD3Q6FF3w5CfS6DMb3UO eUUJxExueT82InZHpL6qeuQprncqsJdtZqvK++YlAfMiFm6ePJHS4sQpvoxHIWv5 yDycGl0hc+pzO8icM1ayTFh8Ei+Txv69QKdUC8rTdiqvFh4/Le4dbh4rcmP3EXb5 JMaeIuuB7Pvvm2YXoRjz0HhIG6874lci7YX0fS/+IbkSuadd4F6TOiMnFNnO9IuC jvu9/f/+HA3e7meFA4Ori4TKW6UALPgpl9X6ohCzFDRVD7kHHmmWn4sCgcnovr8Q BJZCapHtS7cS6vGHk0auj2wLgeEUbyRGhI3F1WPIm/+e6y+cAiWqBmUBjVTOp5S+ KZEtw/BaRjFbgx97hwB+QA0AY8yzevAQMdyzqanUNhGCfWp3WfChUNESmRdrNUWy HDu7kphbN9EUETBHBEdA7ZE4qsP+70a6JTJ+SZ+7vB+YkrOabLU= =kM8d -----END PGP SIGNATURE----- . CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: Apple TV will periodically check for software updates. Alternatively, on your watch, select "My Watch > General > About"

Trust: 2.34

sources: NVD: CVE-2018-4243 // JVNDB: JVNDB-2018-005519 // VULHUB: VHN-134274 // VULMON: CVE-2018-4243 // PACKETSTORM: 148642 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148015

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	lt	version:	4.3.1	Trust: 1.0
vendor:	apple	model:	tv	scope:	lt	version:	11.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.4	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.4 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.4 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	4.3.1 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	tv	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	1.1.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.1.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.2.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.4.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.3.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	1.0.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.3.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.0.0	Trust: 0.6

sources: JVNDB: JVNDB-2018-005519 // CNNVD: CNNVD-201806-591 // NVD: CVE-2018-4243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4243
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4243
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201806-591
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-134274
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-4243
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-4243
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134274
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4243
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134274 // VULMON: CVE-2018-4243 // JVNDB: JVNDB-2018-005519 // CNNVD: CNNVD-201806-591 // NVD: CVE-2018-4243

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-134274 // JVNDB: JVNDB-2018-005519 // NVD: CVE-2018-4243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-591

TYPE

overflow, code execution

Trust: 0.6

sources: PACKETSTORM: 148642 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148015

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005519

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-134274 // VULMON: CVE-2018-4243

PATCH

title:	HT208848	url:	https://support.apple.com/en-us/HT208848	Trust: 0.8
title:	HT208849	url:	https://support.apple.com/en-us/HT208849	Trust: 0.8
title:	HT208850	url:	https://support.apple.com/en-us/HT208850	Trust: 0.8
title:	HT208851	url:	https://support.apple.com/en-us/HT208851	Trust: 0.8
title:	HT208848	url:	https://support.apple.com/ja-jp/HT208848	Trust: 0.8
title:	HT208849	url:	https://support.apple.com/ja-jp/HT208849	Trust: 0.8
title:	HT208850	url:	https://support.apple.com/ja-jp/HT208850	Trust: 0.8
title:	HT208851	url:	https://support.apple.com/ja-jp/HT208851	Trust: 0.8
title:	Multiple Apple product kernel Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80785	Trust: 0.6
title:	Apple: watchOS 4.3.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0f4c2f01c97a0857022a69b5486be838	Trust: 0.1
title:	Apple: tvOS 11.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=d2d0b1ec71830547fb971d63ee3beadb	Trust: 0.1
title:	Apple: iOS 11.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0f3db097f895347566033494c2dda90b	Trust: 0.1
title:	Apple: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f93fc5c87ddc6e336e7b02ff3308dfe6	Trust: 0.1
title:	My-Coding-Bio	url:	https://github.com/NickA1260/My-Coding-Bio	Trust: 0.1
title:	jb5.0	url:	https://github.com/kazaf0322/jb5.0	Trust: 0.1
title:	jailbreakme	url:	https://github.com/Yangcheesen/jailbreakme	Trust: 0.1
title:	Exploit-WebKit	url:	https://github.com/markieeee/Exploit-WebKit	Trust: 0.1
title:	JailbreakMe	url:	https://github.com/awesomehd1/JailbreakMe	Trust: 0.1
title:	webvfs	url:	https://github.com/C9Shady/webvfs	Trust: 0.1
title:	webvfs	url:	https://github.com/nqcshady/webvfs	Trust: 0.1
title:	reverse-engineering-toolkit	url:	https://github.com/geeksniper/reverse-engineering-toolkit	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/developer3000S/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/hectorgie/PoC-in-GitHub	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/apple/apple-releases-security-updates-for-macos-ios-safari-more/	Trust: 0.1

sources: VULMON: CVE-2018-4243 // JVNDB: JVNDB-2018-005519 // CNNVD: CNNVD-201806-591

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4243	Trust: 3.2
db:	SECTRACK	id:	1041027	Trust: 1.8
db:	EXPLOIT-DB	id:	44848	Trust: 1.8
db:	JVN	id:	JVNVU98864649	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-005519	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-591	Trust: 0.7
db:	PACKETSTORM	id:	148062	Trust: 0.1
db:	SEEBUG	id:	SSVID-97333	Trust: 0.1
db:	VULHUB	id:	VHN-134274	Trust: 0.1
db:	VULMON	id:	CVE-2018-4243	Trust: 0.1
db:	PACKETSTORM	id:	148642	Trust: 0.1
db:	PACKETSTORM	id:	148645	Trust: 0.1
db:	PACKETSTORM	id:	148644	Trust: 0.1
db:	PACKETSTORM	id:	148026	Trust: 0.1
db:	PACKETSTORM	id:	148027	Trust: 0.1
db:	PACKETSTORM	id:	148015	Trust: 0.1

sources: VULHUB: VHN-134274 // VULMON: CVE-2018-4243 // JVNDB: JVNDB-2018-005519 // PACKETSTORM: 148642 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148015 // CNNVD: CNNVD-201806-591 // NVD: CVE-2018-4243

REFERENCES

url:	https://www.exploit-db.com/exploits/44848/	Trust: 1.9
url:	https://support.apple.com/ht208848	Trust: 1.8
url:	https://support.apple.com/ht208849	Trust: 1.8
url:	https://support.apple.com/ht208850	Trust: 1.8
url:	https://support.apple.com/ht208851	Trust: 1.8
url:	https://bugs.chromium.org/p/project-zero/issues/detail?id=1564	Trust: 1.8
url:	http://www.securitytracker.com/id/1041027	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4243	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4243	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98864649/index.html	Trust: 0.8
url:	https://support.apple.com/kb/ht201222	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4249	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4235	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4224	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4198	Trust: 0.6
url:	https://www.apple.com/support/security/pgp/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4240	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4237	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4223	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4211	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4241	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4225	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4226	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4233	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4246	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4214	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4192	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4201	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4222	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4206	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4218	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4219	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4184	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4230	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4141	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4228	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4202	Trust: 0.2
url:	https://support.apple.com/downloads/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4196	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4229	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4234	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4159	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4193	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4221	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4236	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4242	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4227	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4171	Trust: 0.2
url:	https://support.apple.com/kb/ht204641	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5383	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4190	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4188	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4232	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4204	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4200	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4199	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/nicka1260/my-coding-bio	Trust: 0.1
url:	https://support.apple.com/kb/ht208851	Trust: 0.1

CREDITS

Apple

Trust: 0.6

sources: PACKETSTORM: 148642 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148015

SOURCES

db:	VULHUB	id:	VHN-134274
db:	VULMON	id:	CVE-2018-4243
db:	JVNDB	id:	JVNDB-2018-005519
db:	PACKETSTORM	id:	148642
db:	PACKETSTORM	id:	148645
db:	PACKETSTORM	id:	148644
db:	PACKETSTORM	id:	148026
db:	PACKETSTORM	id:	148027
db:	PACKETSTORM	id:	148015
db:	CNNVD	id:	CNNVD-201806-591
db:	NVD	id:	CVE-2018-4243

LAST UPDATE DATE

2024-11-23T20:34:11.551000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134274	date:	2018-07-17T00:00:00
db:	VULMON	id:	CVE-2018-4243	date:	2018-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-005519	date:	2018-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201806-591	date:	2018-06-11T00:00:00
db:	NVD	id:	CVE-2018-4243	date:	2024-11-21T04:07:02.640

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134274	date:	2018-06-08T00:00:00
db:	VULMON	id:	CVE-2018-4243	date:	2018-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-005519	date:	2018-07-20T00:00:00
db:	PACKETSTORM	id:	148642	date:	2018-07-23T13:02:22
db:	PACKETSTORM	id:	148645	date:	2018-07-23T15:22:22
db:	PACKETSTORM	id:	148644	date:	2018-07-23T14:04:44
db:	PACKETSTORM	id:	148026	date:	2018-06-04T16:09:27
db:	PACKETSTORM	id:	148027	date:	2018-06-04T16:10:01
db:	PACKETSTORM	id:	148015	date:	2018-06-01T18:32:22
db:	CNNVD	id:	CNNVD-201806-591	date:	2018-06-11T00:00:00
db:	NVD	id:	CVE-2018-4243	date:	2018-06-08T18:29:02.540