Sign-up

ID

VAR-201804-1224


CVE

CVE-2018-4112


TITLE

Apple macOS of ATS Vulnerabilities that can capture important information in components

Trust: 0.8

sources: JVNDB: JVNDB-2018-003692

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling. Apple macOS of ATS Components contain vulnerabilities that can capture important information.An attacker could obtain important information by using improper handling of symbolic links. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. An attacker could exploit this vulnerability through a maliciously crafted file to obtain user information

Trust: 1.98

sources: NVD: CVE-2018-4112 // JVNDB: JVNDB-2018-003692 // BID: 103582 // VULHUB: VHN-134143

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 1.4

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 1.4

vendor:applemodel:mac os xscope:ltversion:10.13.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.3

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.0

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.2

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.3

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.1

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.0

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.5

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.5

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.4

Trust: 0.6

vendor:applemodel:macosscope:eqversion:10.13.1

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.13.3

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.13.2

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.13

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.6

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.13.4

Trust: 0.3

sources: BID: 103582 // JVNDB: JVNDB-2018-003692 // CNNVD: CNNVD-201804-193 // NVD: CVE-2018-4112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4112
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4112
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-193
value: MEDIUM

Trust: 0.6

VULHUB: VHN-134143
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4112
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134143
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4112
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134143 // JVNDB: JVNDB-2018-003692 // CNNVD: CNNVD-201804-193 // NVD: CVE-2018-4112

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.9

sources: VULHUB: VHN-134143 // JVNDB: JVNDB-2018-003692 // NVD: CVE-2018-4112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-193

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-201804-193

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003692

PATCH
title:HT208692url:https://support.apple.com/en-us/HT208692
Trust: 0.8
title:HT208692url:https://support.apple.com/ja-jp/HT208692
Trust: 0.8
title:Apple macOS High Sierra ATS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83045
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-003692 // 
            
            
            
            CNNVD: CNNVD-201804-193

EXTERNAL IDS
db:NVDid:CVE-2018-4112
Trust: 2.8
db:BIDid:103582
Trust: 1.4
db:SECTRACKid:1040608
Trust: 1.1
db:JVNid:JVNVU92378299
Trust: 0.8
db:JVNDBid:JVNDB-2018-003692
Trust: 0.8
db:CNNVDid:CNNVD-201804-193
Trust: 0.7
db:VULHUBid:VHN-134143
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134143 // 
            
            
            
            BID: 103582 // 
            
            
            
            JVNDB: JVNDB-2018-003692 // 
            
            
            
            CNNVD: CNNVD-201804-193 // 
            
            
            
            NVD: CVE-2018-4112

REFERENCES
url:https://support.apple.com/ht208692
Trust: 1.7
url:http://www.securityfocus.com/bid/103582
Trust: 1.1
url:http://www.securitytracker.com/id/1040608
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4112
Trust: 0.8
url:http://jvn.jp/vu/jvnvu92378299/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4112
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:https://support.apple.com/en-ie/ht208692
Trust: 0.3
sources:
            
            
            VULHUB: VHN-134143 // 
            
            
            
            BID: 103582 // 
            
            
            
            JVNDB: JVNDB-2018-003692 // 
            
            
            
            CNNVD: CNNVD-201804-193 // 
            
            
            
            NVD: CVE-2018-4112

CREDITS
David J Beitey (@davidjb_), Geoffrey Bugniot, Simon Hosie, an anonymous researcher, Kamatham Chaitanya of ShiftLeft Inc., Haik Aftandilian of Mozilla, Axis and pjf of IceSword Lab of Qihoo 360, Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., Jonas Jens
Trust: 0.3
sources:
            
            
            BID: 103582

SOURCES
db:VULHUBid:VHN-134143
db:BIDid:103582
db:JVNDBid:JVNDB-2018-003692
db:CNNVDid:CNNVD-201804-193
db:NVDid:CVE-2018-4112

LAST UPDATE DATE
2024-11-23T19:36:10.076000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134143date:2018-04-27T00:00:00
db:BIDid:103582date:2018-03-29T00:00:00
db:JVNDBid:JVNDB-2018-003692date:2018-06-01T00:00:00
db:CNNVDid:CNNVD-201804-193date:2018-04-09T00:00:00
db:NVDid:CVE-2018-4112date:2024-11-21T04:06:47.230

SOURCES RELEASE DATE
db:VULHUBid:VHN-134143date:2018-04-03T00:00:00
db:BIDid:103582date:2018-03-29T00:00:00
db:JVNDBid:JVNDB-2018-003692date:2018-06-01T00:00:00
db:CNNVDid:CNNVD-201804-193date:2018-04-03T00:00:00
db:NVDid:CVE-2018-4112date:2018-04-03T06:29:04.610