ID

VAR-201904-1381


CVE

CVE-2018-4421


TITLE

Updates for vulnerabilities in multiple Apple products

Trust: 1.6

sources: JVNDB: JVNDB-2018-010217 // JVNDB: JVNDB-2018-008908

DESCRIPTION

A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. Apple has released an update for each product. The expected impact depends on each vulnerability, but may include the following (see the information provided by Apple for details):

* Attack on an AFP server through an HTTP client
* Arbitrary code execution
* Information leak
* Buffer overflow
* Privilege escalation
* Service operation interruption (DoS)
* File system tampering
* UI spoofing
* Restriction bypass
* Cross-site scripting
* Address bar spoofing

macOS Mojave has a memory initialization vulnerability due to a flaw in memory handling. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Intel HD Graphics 5000 is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to execute arbitrary code with kernel privileges. Apple macOS Mojave is a dedicated operating system developed by Apple for Mac computers. Intel Graphics Driver is one of the integrated graphics drivers. An attacker could exploit this vulnerability to elevate privileges.

Trust: 3.42

sources: NVD: CVE-2018-4421 // JVNDB: JVNDB-2018-010217 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014862 // BID: 106760 // VULHUB: VHN-134452

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: lt // version: 10.14.1

Trust: 1.0

vendor: apple // model: icloud // scope: lt // version: for windows 7.9 earlier

Trust: 0.8

vendor: apple // model: ios // scope: lt // version: 12.1.1 earlier

Trust: 0.8

vendor: apple // model: itunes // scope: lt // version: 12.9.2 for windows earlier

Trust: 0.8

vendor: apple // model: macos high sierra // scope: eq // version: (security update 2018-003 not applied )

Trust: 0.8

vendor: apple // model: macos mojave // scope: lt // version: 10.14.2 earlier

Trust: 0.8

vendor: apple // model: macos sierra // scope: eq // version: (security update 2018-006 not applied )

Trust: 0.8

vendor: apple // model: safari // scope: lt // version: 12.0.2 earlier

Trust: 0.8

vendor: apple // model: tvos // scope: lt // version: 12.1.1 earlier

Trust: 0.8

vendor: apple // model: watchos // scope: lt // version: 5.1.2 earlier

Trust: 0.8

vendor: apple // model: icloud // scope: lt // version: for windows 7.8 earlier

Trust: 0.8

vendor: apple // model: ios // scope: lt // version: 12.1 earlier

Trust: 0.8

vendor: apple // model: itunes // scope: lt // version: 12.9.1 earlier

Trust: 0.8

vendor: apple // model: macos high sierra // scope: eq // version: (security update 2018-001 not applied )

Trust: 0.8

vendor: apple // model: macos mojave // scope: lt // version: 10.14.1 earlier

Trust: 0.8

vendor: apple // model: macos sierra // scope: eq // version: (security update 2018-005 not applied )

Trust: 0.8

vendor: apple // model: safari // scope: lt // version: 12.0.1 earlier

Trust: 0.8

vendor: apple // model: tvos // scope: lt // version: 12.1 earlier

Trust: 0.8

vendor: apple // model: watchos // scope: lt // version: 5.1 earlier

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.12.6

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.13.6

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.14

Trust: 0.8

vendor: intel // model: hd graphics // scope: eq // version: 50000

Trust: 0.3

vendor: apple // model: security update sierra // scope: eq // version: 2018-0060

Trust: 0.3

vendor: apple // model: security update sierra // scope: eq // version: 2018-0050

Trust: 0.3

vendor: apple // model: security update high sierra // scope: eq // version: 2018-0030

Trust: 0.3

vendor: apple // model: security update high sierra // scope: eq // version: 2018-0020

Trust: 0.3

vendor: apple // model: macos // scope: eq // version: 10.13.6

Trust: 0.3

vendor: apple // model: macos // scope: eq // version: 10.14

Trust: 0.3

vendor: apple // model: macos // scope: eq // version: 10.12.6

Trust: 0.3

vendor: apple // model: macos // scope: ne // version: 10.14.2

Trust: 0.3

vendor: apple // model: macos // scope: ne // version: 10.14.1

Trust: 0.3

sources: BID: 106760 // JVNDB: JVNDB-2018-010217 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014862 // NVD: CVE-2018-4421

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4421
value: HIGH

Trust: 1.0

NVD: CVE-2018-4421
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-436
value: HIGH

Trust: 0.6

VULHUB: VHN-134452
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4421
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134452
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4421
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134452 // JVNDB: JVNDB-2018-014862 // CNNVD: CNNVD-201901-436 // NVD: CVE-2018-4421

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134452 // JVNDB: JVNDB-2018-014862 // NVD: CVE-2018-4421

THREAT TYPE

local

Trust: 0.9

sources: BID: 106760 // CNNVD: CNNVD-201901-436

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201901-436

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010217

PATCH

title: About the security content of macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra // url: https://support.apple.com/en-us/HT209341

Trust: 1.6

title: About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra // url: https://support.apple.com/en-us/HT209193

Trust: 1.6

title: About the security content of tvOS 12.1.1 // url: https://support.apple.com/en-us/HT209342

Trust: 0.8

title: About the security content of watchOS 5.1.2 // url: https://support.apple.com/ja-jp/HT209343

Trust: 0.8

title: About the security content of Safari 12.0.2 // url: https://support.apple.com/en-us/HT209344

Trust: 0.8

title: About the security content of iCloud for Windows 7.9 // url: https://support.apple.com/en-us/HT209346

Trust: 0.8

title: About the security content of iOS 12.1.1 // url: https://support.apple.com/en-us/HT209340

Trust: 0.8

title: About the security content of iTunes 12.9.2 for Windows // url: https://support.apple.com/en-us/HT209345

Trust: 0.8

title: About the security content of iTunes 12.9.1 // url: https://support.apple.com/en-us/HT209197

Trust: 0.8

title: About the security content of iCloud for Windows 7.8 // url: https://support.apple.com/en-us/HT209198

Trust: 0.8

title: About the security content of Safari 12.0.1 // url: https://support.apple.com/en-us/HT209196

Trust: 0.8

title: About the security content of tvOS 12.1 // url: https://support.apple.com/en-us/HT209194

Trust: 0.8

title: About the security content of iOS 12.1 // url: https://support.apple.com/en-us/HT209192

Trust: 0.8

title: About the security content of watchOS 5.1 // url: https://support.apple.com/en-us/HT209195

Trust: 0.8

title: HT209193 // url: https://support.apple.com/ja-jp/HT209193

Trust: 0.8

title: HT209341 // url: https://support.apple.com/ja-jp/HT209341

Trust: 0.8

title: Apple macOS Intel Graphics Driver Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88600

Trust: 0.6

sources: JVNDB: JVNDB-2018-010217 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014862 // CNNVD: CNNVD-201901-436

EXTERNAL IDS

db: NVD // id: CVE-2018-4421

Trust: 2.8

db: JVN // id: JVNVU92431031

Trust: 1.6

db: JVN // id: JVNVU96365720

Trust: 1.6

db: JVNDB // id: JVNDB-2018-010217

Trust: 0.8

db: JVNDB // id: JVNDB-2018-008908

Trust: 0.8

db: JVNDB // id: JVNDB-2018-014862

Trust: 0.8

db: CNNVD // id: CNNVD-201901-436

Trust: 0.7

db: TALOS // id: TALOS-2018-0615

Trust: 0.3

db: BID // id: 106760

Trust: 0.3

db: VULHUB // id: VHN-134452

Trust: 0.1

sources: VULHUB: VHN-134452 // BID: 106760 // JVNDB: JVNDB-2018-010217 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014862 // CNNVD: CNNVD-201901-436 // NVD: CVE-2018-4421

REFERENCES

url:https://support.apple.com/kb/ht209193

Trust: 1.7

url:https://support.apple.com/kb/ht209341

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4421

Trust: 1.4

url:https://jvn.jp/vu/jvnvu92431031/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu96365720/

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4421

Trust: 0.8

url:https://jvn.jp/vu/jvnvu96365720/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu92431031/index.html

Trust: 0.8

url:http://www.intel.com/

Trust: 0.3

url:https://support.apple.com/en-us/ht209193

Trust: 0.3

url:https://support.apple.com/en-in/ht209341

Trust: 0.3

url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0615

Trust: 0.3

sources: VULHUB: VHN-134452 // BID: 106760 // JVNDB: JVNDB-2018-010217 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014862 // CNNVD: CNNVD-201901-436 // NVD: CVE-2018-4421

CREDITS

Tyler Bohan of Cisco Talos.

Trust: 0.3

sources: BID: 106760

SOURCES

db: VULHUB // id: VHN-134452
db: BID // id: 106760
db: JVNDB // id: JVNDB-2018-010217
db: JVNDB // id: JVNDB-2018-008908
db: JVNDB // id: JVNDB-2018-014862
db: CNNVD // id: CNNVD-201901-436
db: NVD // id: CVE-2018-4421

LAST UPDATE DATE

2024-11-23T20:23:19.422000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-134452 // date: 2019-04-05T00:00:00
db: BID // id: 106760 // date: 2018-12-21T00:00:00
db: JVNDB // id: JVNDB-2018-010217 // date: 2018-12-10T00:00:00
db: JVNDB // id: JVNDB-2018-008908 // date: 2018-11-01T00:00:00
db: JVNDB // id: JVNDB-2018-014862 // date: 2019-04-17T00:00:00
db: CNNVD // id: CNNVD-201901-436 // date: 2019-04-08T00:00:00
db: NVD // id: CVE-2018-4421 // date: 2024-11-21T04:07:22.850

SOURCES RELEASE DATE

db: VULHUB // id: VHN-134452 // date: 2019-04-03T00:00:00
db: BID // id: 106760 // date: 2018-12-21T00:00:00
db: JVNDB // id: JVNDB-2018-010217 // date: 2018-12-07T00:00:00
db: JVNDB // id: JVNDB-2018-008908 // date: 2018-11-01T00:00:00
db: JVNDB // id: JVNDB-2018-014862 // date: 2019-04-17T00:00:00
db: CNNVD // id: CNNVD-201901-436 // date: 2019-01-14T00:00:00
db: NVD // id: CVE-2018-4421 // date: 2019-04-03T18:29:14.957