Details of VAR-201901-1589

ID

VAR-201901-1589

CVE

CVE-2018-4404

TITLE

iOS and macOS High Sierra Memory corruption vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013673

DESCRIPTION

In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of Mach messages to the Dock. The issue results from the lack of proper validation of the client prior to spawning a process. An attacker can leverage this vulnerability to execute code within the context of the current user. Both Apple iOS and macOS High Sierra are products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers. libxpc is an open source implementation of one of the Apple XPC libraries

Trust: 2.43

sources: NVD: CVE-2018-4404 // JVNDB: JVNDB-2018-013673 // ZDI: ZDI-18-1338 // VULHUB: VHN-134435 // VULMON: CVE-2018-4404

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	11.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.13.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.4	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	macos	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-18-1338 // JVNDB: JVNDB-2018-013673 // NVD: CVE-2018-4404

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4404
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2018-4404
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4404
value:	HIGH
Trust: 0.8
ZDI:	CVE-2018-4404
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201811-333
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-134435
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-4404
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-4404
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
ZDI:	CVE-2018-4404
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-134435
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4404
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2018-4404
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: ZDI: ZDI-18-1338 // VULHUB: VHN-134435 // VULMON: CVE-2018-4404 // JVNDB: JVNDB-2018-013673 // CNNVD: CNNVD-201811-333 // NVD: CVE-2018-4404 // NVD: CVE-2018-4404

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-134435 // JVNDB: JVNDB-2018-013673 // NVD: CVE-2018-4404

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-333

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201811-333

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013673

PATCH

title:	HT208848	url:	https://support.apple.com/en-us/HT208848	Trust: 1.5
title:	HT208849	url:	https://support.apple.com/en-us/HT208849	Trust: 0.8
title:	HT208848	url:	https://support.apple.com/ja-jp/HT208848	Trust: 0.8
title:	HT208849	url:	https://support.apple.com/ja-jp/HT208849	Trust: 0.8
title:	Apple iOS libxpc Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86740	Trust: 0.6

sources: ZDI: ZDI-18-1338 // JVNDB: JVNDB-2018-013673 // CNNVD: CNNVD-201811-333

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4404	Trust: 3.3
db:	EXPLOIT-DB	id:	45998	Trust: 1.8
db:	JVN	id:	JVNVU98864649	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-013673	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5820	Trust: 0.7
db:	ZDI	id:	ZDI-18-1338	Trust: 0.7
db:	CNNVD	id:	CNNVD-201811-333	Trust: 0.7
db:	VULHUB	id:	VHN-134435	Trust: 0.1
db:	PACKETSTORM	id:	150779	Trust: 0.1
db:	VULMON	id:	CVE-2018-4404	Trust: 0.1

sources: ZDI: ZDI-18-1338 // VULHUB: VHN-134435 // VULMON: CVE-2018-4404 // JVNDB: JVNDB-2018-013673 // CNNVD: CNNVD-201811-333 // NVD: CVE-2018-4404

REFERENCES

url:	https://support.apple.com/ht208849	Trust: 1.8
url:	https://www.exploit-db.com/exploits/45998/	Trust: 1.8
url:	https://support.apple.com/ht208848%2c	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4404	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98864649/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4404	Trust: 0.8
url:	https://support.apple.com/en-us/ht208848	Trust: 0.7
url:	https://support.apple.com/ht208848	Trust: 0.6
url:	https://support.apple.com/ht208848,	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/modules/exploit/osx/browser/safari_proxy_object_type_confusion/	Trust: 0.1
url:	https://packetstormsecurity.com/files/150779/safari-proxy-object-type-confusion.html	Trust: 0.1

sources: ZDI: ZDI-18-1338 // VULHUB: VHN-134435 // VULMON: CVE-2018-4404 // JVNDB: JVNDB-2018-013673 // CNNVD: CNNVD-201811-333 // NVD: CVE-2018-4404

CREDITS

Samuel Gross (saelo)

Trust: 1.3

sources: ZDI: ZDI-18-1338 // CNNVD: CNNVD-201811-333

SOURCES

db:	ZDI	id:	ZDI-18-1338
db:	VULHUB	id:	VHN-134435
db:	VULMON	id:	CVE-2018-4404
db:	JVNDB	id:	JVNDB-2018-013673
db:	CNNVD	id:	CNNVD-201811-333
db:	NVD	id:	CVE-2018-4404

LAST UPDATE DATE

2024-11-23T19:59:03.030000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-1338	date:	2018-11-05T00:00:00
db:	VULHUB	id:	VHN-134435	date:	2019-01-23T00:00:00
db:	VULMON	id:	CVE-2018-4404	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-013673	date:	2019-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201811-333	date:	2019-02-11T00:00:00
db:	NVD	id:	CVE-2018-4404	date:	2024-11-21T04:07:20.920

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-1338	date:	2018-11-05T00:00:00
db:	VULHUB	id:	VHN-134435	date:	2019-01-11T00:00:00
db:	VULMON	id:	CVE-2018-4404	date:	2019-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-013673	date:	2019-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201811-333	date:	2018-11-13T00:00:00
db:	NVD	id:	CVE-2018-4404	date:	2019-01-11T18:29:03.140