CVE-2018-4206

CVE Database · CVE-2018-4206

CVE-2018-4206

· N/AModified

CVSS v3.1

N/A

EPSS

4.98%

Published

Jun 8, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

Exploit-DBApple macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.

Weaknesses (CWE)

CWE-119

Affected Products (4)

apple · apple_tv (up to 11.4)vulnerable

apple · iphone_os (up to 11.3.1)vulnerable

apple · mac_os_x (up to 10.13.4)vulnerable

apple · watchos (up to 4.3.1)vulnerable

References (18)

http://www.securityfocus.com/bid/103957

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/103958

Third Party AdvisoryVDB Entry