ID

VAR-201804-1221


CVE

CVE-2018-4109


TITLE

Graphics driver component in multiple Apple products vulnerable to arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2018-003697

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A security vulnerability exists in the Graphics Driver component of Apple iOS versions prior to 11.2.5, tvOS versions prior to 11.2.5, and watchOS versions prior to 4.2.2.

Trust: 1.71

sources: NVD: CVE-2018-4109 // JVNDB: JVNDB-2018-003697 // VULHUB: VHN-134140

AFFECTED PRODUCTS

vendor: apple | model: tv | scope: lt | version: 11.2.5

Trust: 1.0

vendor: apple | model: iphone os | scope: lt | version: 11.2.5

Trust: 1.0

vendor: apple | model: watchos | scope: lt | version: 4.2.2

Trust: 1.0

vendor: apple | model: ios | scope: lt | version: 11.2.5 (ipad air or later)

Trust: 0.8

vendor: apple | model: ios | scope: lt | version: 11.2.5 (iphone 5s or later)

Trust: 0.8

vendor: apple | model: ios | scope: lt | version: 11.2.5 (ipod touch 6th generation)

Trust: 0.8

vendor: apple | model: tvos | scope: lt | version: 11.2.5 (apple tv 4k)

Trust: 0.8

vendor: apple | model: tvos | scope: lt | version: 11.2.5 (apple tv 4th generation)

Trust: 0.8

vendor: apple | model: watchos | scope: lt | version: 4.2.2 (apple watch all models)

Trust: 0.8

vendor: apple | model: watchos | scope: eq | version: 2.2.0

Trust: 0.6

vendor: apple | model: watchos | scope: eq | version: 4.0.1

Trust: 0.6

vendor: apple | model: watchos | scope: eq | version: 3.2

Trust: 0.6

vendor: apple | model: watchos | scope: eq | version: 4.0

Trust: 0.6

vendor: apple | model: watchos | scope: eq | version: 4.1

Trust: 0.6

vendor: apple | model: watchos | scope: eq | version: 3.2.2

Trust: 0.6

vendor: apple | model: watchos | scope: eq | version: 3.1.3

Trust: 0.6

vendor: apple | model: watchos | scope: eq | version: 3.1

Trust: 0.6

vendor: apple | model: watchos | scope: eq | version: 3.1.1

Trust: 0.6

vendor: apple | model: watchos | scope: eq | version: 3.2.3

Trust: 0.6

sources: JVNDB: JVNDB-2018-003697 // CNNVD: CNNVD-201804-196 // NVD: CVE-2018-4109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4109
value: HIGH

Trust: 1.0

NVD: CVE-2018-4109
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-196
value: CRITICAL

Trust: 0.6

VULHUB: VHN-134140
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4109
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134140
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4109
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134140 // JVNDB: JVNDB-2018-003697 // CNNVD: CNNVD-201804-196 // NVD: CVE-2018-4109

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134140 // JVNDB: JVNDB-2018-003697 // NVD: CVE-2018-4109

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-196

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201804-196

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003697

PATCH

title: HT208462 | url: https://support.apple.com/en-us/HT208462

Trust: 0.8

title: HT208463 | url: https://support.apple.com/en-us/HT208463

Trust: 0.8

title: HT208464 | url: https://support.apple.com/en-us/HT208464

Trust: 0.8

title: HT208463 | url: https://support.apple.com/ja-jp/HT208463

Trust: 0.8

title: HT208464 | url: https://support.apple.com/ja-jp/HT208464

Trust: 0.8

title: HT208462 | url: https://support.apple.com/ja-jp/HT208462

Trust: 0.8

title: Apple iOS, tvOS and watchOS Graphics Driver Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83048

Trust: 0.6

sources: JVNDB: JVNDB-2018-003697 // CNNVD: CNNVD-201804-196

EXTERNAL IDS

db: NVD | id: CVE-2018-4109

Trust: 2.5

db: JVN | id: JVNVU99446427

Trust: 0.8

db: JVNDB | id: JVNDB-2018-003697

Trust: 0.8

db: CNNVD | id: CNNVD-201804-196

Trust: 0.6

db: VULHUB | id: VHN-134140

Trust: 0.1

sources: VULHUB: VHN-134140 // JVNDB: JVNDB-2018-003697 // CNNVD: CNNVD-201804-196 // NVD: CVE-2018-4109

REFERENCES

url:https://support.apple.com/ht208462

Trust: 1.7

url:https://support.apple.com/ht208463

Trust: 1.7

url:https://support.apple.com/ht208464

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4109

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99446427/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4109

Trust: 0.8

sources: VULHUB: VHN-134140 // JVNDB: JVNDB-2018-003697 // CNNVD: CNNVD-201804-196 // NVD: CVE-2018-4109

SOURCES

db: VULHUB | id: VHN-134140
db: JVNDB | id: JVNDB-2018-003697
db: CNNVD | id: CNNVD-201804-196
db: NVD | id: CVE-2018-4109

LAST UPDATE DATE

2024-11-23T20:50:04.809000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-134140 | date: 2018-04-27T00:00:00
db: JVNDB | id: JVNDB-2018-003697 | date: 2018-06-01T00:00:00
db: CNNVD | id: CNNVD-201804-196 | date: 2018-04-09T00:00:00
db: NVD | id: CVE-2018-4109 | date: 2024-11-21T04:06:46.873

SOURCES RELEASE DATE

db: VULHUB | id: VHN-134140 | date: 2018-04-03T00:00:00
db: JVNDB | id: JVNDB-2018-003697 | date: 2018-06-01T00:00:00
db: CNNVD | id: CNNVD-201804-196 | date: 2018-04-03T00:00:00
db: NVD | id: CVE-2018-4109 | date: 2018-04-03T06:29:04.437