Sign-up

ID

VAR-201806-1446


CVE

CVE-2018-4242


TITLE

Apple macOS Hypervisor component vulnerable to arbitrary code execution in privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2018-005810

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. Hypervisor (also known as virtual machine monitor, VMM) is an intermediate software layer running between the physical server and the operating system, which allows multiple operating systems and applications to share a set of underlying physical hardware. CVE-2018-4196: G. Description: An information disclosure issue existed in device properties. CVE-2018-4171: shrek_wzw of Qihoo 360 Nirvan Team Bluetooth Available for: MacBook Pro (Retina, 15-inch, Mid 2015), MacBook Pro (Retina, 15-inch, 2015), MacBook Pro (Retina, 13-inch, Early 2015), MacBook Pro (15-inch, 2017), MacBook Pro (15-inch, 2016), MacBook Pro (13-inch, Late 2016, Two Thunderbolt 3 Ports), MacBook Pro (13-inch, Late 2016, Four Thunderbolt 3 Ports), MacBook Pro (13-inch, 2017, Four Thunderbolt 3 Ports), MacBook (Retina, 12-inch, Early 2016), MacBook (Retina, 12-inch, Early 2015), MacBook (Retina, 12-inch, 2017), iMac Pro, iMac (Retina 5K, 27-inch, Late 2015), iMac (Retina 5K, 27-inch, 2017), iMac (Retina 4K, 21.5-inch, Late 2015), iMac (Retina 4K, 21.5-inch, 2017), iMac (21.5-inch, Late 2015), and iMac (21.5-inch, 2017) Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. The issue appears to be from an undocumented side effect of the instructions. An attacker might utilize this exception handling to gain access to Ring 0 and access sensitive memory or control operating system processes. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A remote attacker may be able to attack AFP servers through HTTP clients Description: An input validation issue was addressed with improved input validation. CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC Berkeley AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4410: an anonymous researcher working with Trend Micro's Zero Day Initiative AppleGraphicsControl Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4417: Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative APR Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2017-12613: Craig Young of Tripwire VERT CVE-2017-12618: Craig Young of Tripwire VERT ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative CoreAnimation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4415: Liang Zhuo working with Beyond Security's SecuriTeam Secure Disclosure CoreCrypto Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum CoreFoundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content Description: An injection issue was addressed with improved validation. CVE-2018-4153: Michael Hanselmann of hansmi.ch CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4406: Michael Hanselmann of hansmi.ch Dictionary Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information Description: A validation issue existed which allowed local file access. This was addressed with input sanitization. CVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing Dock Available for: macOS Mojave 10.14 Impact: A malicious application may be able to access restricted files Description: This issue was addressed by removing additional entitlements. CVE-2018-4403: Patrick Wardle of Digita Security dyld Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2018-4423: an anonymous researcher EFI Available for: macOS High Sierra 10.13.6 Impact: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel. CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC) EFI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A local user may be able to modify protected parts of the file system Description: A configuration issue was addressed with additional restrictions. CVE-2018-4342: Timothy Perfitt of Twocanoes Software Foundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4331: Brandon Azad Hypervisor Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis Description: An information disclosure issue was addressed by flushing the L1 data cache at the virtual machine entry. CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide Hypervisor Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team ICU Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4334: Ian Beer of Google Project Zero Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4396: Yu Wang of Didi Research America CVE-2018-4418: Yu Wang of Didi Research America Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4350: Yu Wang of Didi Research America IOGraphics Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4422: an anonymous researcher working with Trend Micro's Zero Day Initiative IOHIDFamily Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4402: Proteas of Qihoo 360 Nirvan Team IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero IOUserEthernet Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple IPSec Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: macOS High Sierra 10.13.6 Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2018-4399: Fabiano Anemone (@anoane) Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4419: Mohamed Ghannam (@_simo36) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Kernel Available for: macOS Sierra 10.12.6 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Kernel Available for: macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4424: Dr. Silvio Cesare of InfoSect Login Window Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A local user may be able to cause a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity Mail Available for: macOS Mojave 10.14 Impact: Processing a maliciously crafted mail message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team MediaRemote Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs Microcode Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that implementation specific system registers cannot be leaked via a speculative execution side-channel. CVE-2018-3640: Innokentiy Sennovskiy from BiZone LLC (bi.zone), Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (sysgo.com) NetworkExtension Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Perl Available for: macOS Sierra 10.12.6 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2018-6797: Brian Carpenter Ruby Available for: macOS Sierra 10.12.6 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues in Ruby were addressed in this update. CVE-2017-898 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4393: Lufeng Li Symptom Framework Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative WiFi Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische UniversitA$?t Darmstadt Additional recognition Calendar We would like to acknowledge an anonymous researcher for their assistance. iBooks We would like to acknowledge Sem VoigtlA$?nder of Fontys Hogeschool ICT for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. LaunchServices We would like to acknowledge Alok Menghrajani of Square for their assistance. Quick Look We would like to acknowledge lokihardt of Google Project Zero for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Terminal We would like to acknowledge an anonymous researcher for their assistance. Installation note: macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EcGQ// QbUbTOZRgxcStGZjs+qdXjeaXI6i1MKaky7o/iYCXf87crFu79PCsXyPU1jeMvoS tgDxz7ornlyaxR4wcSYzfcuIeY2ZH+dkxc7JJHQbKTW1dWYHpXUUzzNm+Ay/Gtk+ 2EIAgJ9oUf8FARR5cmcKBZfLFVdc40vpM3bBCV4m2Kr5KiDsqZKdZTujBQRccAsO HKRbhDecw0WX/CfEbLprs86uIXFMIoifhmh8LMebjzIQn2ozoFG6R31vMMHeDpir zf0xlVCJrJy/XywmkodhBWWrUWcM0hfsJ8EmyIBwFEYUxFhOV3D+x3rStd2kjyNL LG9oWclxDkjImQXdrL8IRAQfZvcVQFZK2vSGCYfRN0LY105sxjPjeIsJ0RORzcSN 2mlDR1UuTosk0GleDbmhv/ornfOc537UebwuHVWU5LpPNFkvY1Cv8zPrQAHewuod TmktkNuv2x2fgw9g7ntE88UBF9JMC+Ofs/FgJ67RkoT4R39P7VvaztHlmxmr/rIw TrSs7TDVqciz+DOMRKxyNPI1cpXM5ITCTvgbY4+RWwaFJzfgY+Gc+sldvVcb1x9I LlsI19MA0bsvi+ReOcLbWYuEHaVhVqZ7LndxR9m2gJ39L9jff+dOsSlznF4OLs+S t7Rz6i2mOpe6vXobkTUmml3m3zYIhL3XcdcYpw3U0F8= =uhgi -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2018-4242 // JVNDB: JVNDB-2018-005810 // VULHUB: VHN-134273 // VULMON: CVE-2018-4242 // PACKETSTORM: 148642 // PACKETSTORM: 150108 // PACKETSTORM: 148015

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.13.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.4

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11.1

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.5

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.4

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.0

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.5

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.9.4

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.3

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.5.6

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.2

Trust: 0.6

sources: JVNDB: JVNDB-2018-005810 // CNNVD: CNNVD-201806-592 // NVD: CVE-2018-4242

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4242
value: HIGH

Trust: 1.0

NVD: CVE-2018-4242
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201806-592
value: HIGH

Trust: 0.6

VULHUB: VHN-134273
value: HIGH

Trust: 0.1

VULMON: CVE-2018-4242
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4242
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134273
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4242
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134273 // VULMON: CVE-2018-4242 // JVNDB: JVNDB-2018-005810 // CNNVD: CNNVD-201806-592 // NVD: CVE-2018-4242

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134273 // JVNDB: JVNDB-2018-005810 // NVD: CVE-2018-4242

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201806-592

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201806-592

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005810

PATCH
title:HT208849url:https://support.apple.com/en-us/HT208849
Trust: 0.8
title:HT208849url:https://support.apple.com/ja-jp/HT208849
Trust: 0.8
title:Apple macOS High Sierra Hypervisor Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80786
Trust: 0.6
title:Look-at-The-XNU-Through-A-Tube-CVE-2018-4242-Write-up-Translation-url:https://github.com/yeonnic/Look-at-The-XNU-Through-A-Tube-CVE-2018-4242-Write-up-Translation- 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub 
Trust: 0.1
title:CVE-POCurl:https://github.com/0xT11/CVE-POC 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-4242 // 
            
            
            
            JVNDB: JVNDB-2018-005810 // 
            
            
            
            CNNVD: CNNVD-201806-592

EXTERNAL IDS
db:NVDid:CVE-2018-4242
Trust: 2.9
db:SECTRACKid:1042004
Trust: 1.8
db:SECTRACKid:1041027
Trust: 1.8
db:JVNid:JVNVU98864649
Trust: 0.8
db:JVNDBid:JVNDB-2018-005810
Trust: 0.8
db:CNNVDid:CNNVD-201806-592
Trust: 0.7
db:VULHUBid:VHN-134273
Trust: 0.1
db:VULMONid:CVE-2018-4242
Trust: 0.1
db:PACKETSTORMid:148642
Trust: 0.1
db:PACKETSTORMid:150108
Trust: 0.1
db:PACKETSTORMid:148015
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134273 // 
            
            
            
            VULMON: CVE-2018-4242 // 
            
            
            
            JVNDB: JVNDB-2018-005810 // 
            
            
            
            PACKETSTORM: 148642 // 
            
            
            
            PACKETSTORM: 150108 // 
            
            
            
            PACKETSTORM: 148015 // 
            
            
            
            CNNVD: CNNVD-201806-592 // 
            
            
            
            NVD: CVE-2018-4242

REFERENCES
url:https://support.apple.com/ht208849
Trust: 1.8
url:http://www.securitytracker.com/id/1041027
Trust: 1.8
url:http://www.securitytracker.com/id/1042004
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4242
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4242
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98864649/index.html
Trust: 0.8
url:https://support.apple.com/kb/ht201222
Trust: 0.3
url:https://support.apple.com/downloads/
Trust: 0.3
url:https://www.apple.com/support/security/pgp/
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2018-4225
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4219
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4249
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4235
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4184
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4230
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4141
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4228
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4202
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4243
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4224
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4198
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4196
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4229
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4234
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4159
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4240
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4193
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4237
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4221
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4223
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4236
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4226
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4227
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4211
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4241
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4171
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://github.com/yeonnic/look-at-the-xnu-through-a-tube-cve-2018-4242-write-up-translation-
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/nomi-sec/poc-in-github
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-12618
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-14064
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4203
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-10784
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4334
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4288
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4308
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4326
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-17405
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-3640
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4153
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4291
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4340
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4304
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4286
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4126
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-14033
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4331
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4310
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4259
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4295
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-17742
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-3646
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-12613
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4287
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-3639
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134273 // 
            
            
            
            VULMON: CVE-2018-4242 // 
            
            
            
            JVNDB: JVNDB-2018-005810 // 
            
            
            
            PACKETSTORM: 148642 // 
            
            
            
            PACKETSTORM: 150108 // 
            
            
            
            PACKETSTORM: 148015 // 
            
            
            
            CNNVD: CNNVD-201806-592 // 
            
            
            
            NVD: CVE-2018-4242

CREDITS
Apple
Trust: 0.3
sources:
            
            
            PACKETSTORM: 148642 // 
            
            
            
            PACKETSTORM: 150108 // 
            
            
            
            PACKETSTORM: 148015

SOURCES
db:VULHUBid:VHN-134273
db:VULMONid:CVE-2018-4242
db:JVNDBid:JVNDB-2018-005810
db:PACKETSTORMid:148642
db:PACKETSTORMid:150108
db:PACKETSTORMid:148015
db:CNNVDid:CNNVD-201806-592
db:NVDid:CVE-2018-4242

LAST UPDATE DATE
2024-11-23T20:54:17.070000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134273date:2019-03-07T00:00:00
db:VULMONid:CVE-2018-4242date:2019-03-07T00:00:00
db:JVNDBid:JVNDB-2018-005810date:2018-07-31T00:00:00
db:CNNVDid:CNNVD-201806-592date:2019-03-13T00:00:00
db:NVDid:CVE-2018-4242date:2024-11-21T04:07:02.530

SOURCES RELEASE DATE
db:VULHUBid:VHN-134273date:2018-06-08T00:00:00
db:VULMONid:CVE-2018-4242date:2018-06-08T00:00:00
db:JVNDBid:JVNDB-2018-005810date:2018-07-31T00:00:00
db:PACKETSTORMid:148642date:2018-07-23T13:02:22
db:PACKETSTORMid:150108date:2018-10-31T15:50:04
db:PACKETSTORMid:148015date:2018-06-01T18:32:22
db:CNNVDid:CNNVD-201806-592date:2018-06-11T00:00:00
db:NVDid:CVE-2018-4242date:2018-06-08T18:29:02.493