Sign-up

ID

VAR-201904-1368


CVE

CVE-2018-4408


TITLE

plural Apple Memory corruption vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014926

DESCRIPTION

A memory corruption issue was addressed with improved input validation This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. plural Apple The product has a memory corruption vulnerability due to incomplete processing related to input validation.The memory may be damaged. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. IOHIDFamily is one of the kernel extensions (Abstract Interface for Human Interface Devices) component. A buffer error vulnerability exists in the IOHIDFamily component in several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 2.52

sources: NVD: CVE-2018-4408 // JVNDB: JVNDB-2018-014926 // JVNDB: JVNDB-2018-008908 // VULHUB: VHN-134439 // VULMON: CVE-2018-4408

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14

Trust: 1.8

vendor:applemodel:watchosscope:ltversion:5.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:12.0

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:12

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5 (apple watch series 1 or later )

Trust: 0.8

vendor:applemodel:icloudscope:ltversion:for windows 7.8 earlier

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:12.9.1 earlier

Trust: 0.8

vendor:applemodel:macos high sierrascope:eqversion:(security update 2018-001 not applied )

Trust: 0.8

vendor:applemodel:macos mojavescope:ltversion:10.14.1 earlier

Trust: 0.8

vendor:applemodel:macos sierrascope:eqversion:(security update 2018-005 not applied )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12.0.1 earlier

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5.1 earlier

Trust: 0.8

sources: JVNDB: JVNDB-2018-014926 // JVNDB: JVNDB-2018-008908 // NVD: CVE-2018-4408

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4408
value: HIGH

Trust: 1.0

NVD: CVE-2018-4408
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-1511
value: HIGH

Trust: 0.6

VULHUB: VHN-134439
value: HIGH

Trust: 0.1

VULMON: CVE-2018-4408
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4408
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134439
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4408
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134439 // VULMON: CVE-2018-4408 // JVNDB: JVNDB-2018-014926 // CNNVD: CNNVD-201810-1511 // NVD: CVE-2018-4408

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134439 // JVNDB: JVNDB-2018-014926 // NVD: CVE-2018-4408

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1511

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1511

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014926

PATCH
title:HT209193url:https://support.apple.com/en-us/HT209193
Trust: 1.6
title:HT209106url:https://support.apple.com/en-us/HT209106
Trust: 0.8
title:HT209107url:https://support.apple.com/en-us/HT209107
Trust: 0.8
title:HT209108url:https://support.apple.com/en-us/HT209108
Trust: 0.8
title:HT209139url:https://support.apple.com/en-us/HT209139
Trust: 0.8
title:HT209106url:https://support.apple.com/ja-jp/HT209106
Trust: 0.8
title:HT209107url:https://support.apple.com/ja-jp/HT209107
Trust: 0.8
title:HT209108url:https://support.apple.com/ja-jp/HT209108
Trust: 0.8
title:HT209139url:https://support.apple.com/ja-jp/HT209139
Trust: 0.8
title:HT209193url:https://support.apple.com/ja-jp/HT209193
Trust: 0.8
title:About the security content of iTunes 12.9.1url:https://support.apple.com/en-us/HT209197
Trust: 0.8
title: About the security content of iCloud for Windows 7.8 url:https://support.apple.com/en-us/HT209198
Trust: 0.8
title:About the security content of Safari 12.0.1url:https://support.apple.com/en-us/HT209196
Trust: 0.8
title: About the security content of tvOS 12.1url:https://support.apple.com/en-us/HT209194
Trust: 0.8
title: About the security content of iOS 12.1url:https://support.apple.com/en-us/HT209192
Trust: 0.8
title: About the security content of watchOS 5.1url:https://support.apple.com/en-us/HT209195
Trust: 0.8
title:Apple macOS IOHIDFamily Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86490
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014926 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            CNNVD: CNNVD-201810-1511

EXTERNAL IDS
db:NVDid:CVE-2018-4408
Trust: 2.6
db:JVNid:JVNVU96365720
Trust: 1.6
db:JVNDBid:JVNDB-2018-014926
Trust: 0.8
db:JVNDBid:JVNDB-2018-008908
Trust: 0.8
db:CNNVDid:CNNVD-201810-1511
Trust: 0.7
db:VULHUBid:VHN-134439
Trust: 0.1
db:VULMONid:CVE-2018-4408
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134439 // 
            
            
            
            VULMON: CVE-2018-4408 // 
            
            
            
            JVNDB: JVNDB-2018-014926 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            CNNVD: CNNVD-201810-1511 // 
            
            
            
            NVD: CVE-2018-4408

REFERENCES
url:https://support.apple.com/kb/ht209106
Trust: 1.8
url:https://support.apple.com/kb/ht209107
Trust: 1.8
url:https://support.apple.com/kb/ht209108
Trust: 1.8
url:https://support.apple.com/kb/ht209139
Trust: 1.8
url:https://support.apple.com/kb/ht209193
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4408
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4408
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96365720/index.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96365720/
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://seclists.org/fulldisclosure/2018/nov/15
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134439 // 
            
            
            
            VULMON: CVE-2018-4408 // 
            
            
            
            JVNDB: JVNDB-2018-014926 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            CNNVD: CNNVD-201810-1511 // 
            
            
            
            NVD: CVE-2018-4408

CREDITS
Ian Beer of Google Project Zero
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201810-1511

SOURCES
db:VULHUBid:VHN-134439
db:VULMONid:CVE-2018-4408
db:JVNDBid:JVNDB-2018-014926
db:JVNDBid:JVNDB-2018-008908
db:CNNVDid:CNNVD-201810-1511
db:NVDid:CVE-2018-4408

LAST UPDATE DATE
2024-11-23T20:29:54.837000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134439date:2019-04-05T00:00:00
db:VULMONid:CVE-2018-4408date:2019-04-05T00:00:00
db:JVNDBid:JVNDB-2018-014926date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:CNNVDid:CNNVD-201810-1511date:2019-04-10T00:00:00
db:NVDid:CVE-2018-4408date:2024-11-21T04:07:21.363

SOURCES RELEASE DATE
db:VULHUBid:VHN-134439date:2019-04-03T00:00:00
db:VULMONid:CVE-2018-4408date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-014926date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:CNNVDid:CNNVD-201810-1511date:2018-10-31T00:00:00
db:NVDid:CVE-2018-4408date:2019-04-03T18:29:13.720