Sign-up

ID

VAR-201904-1370


CVE

CVE-2018-4410


TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-008908

DESCRIPTION

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.1. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the AGDPClientControl service. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges to the level of the kernel. Apple macOS High Sierra and so on are a set of dedicated operating systems developed by Apple for Mac computers

Trust: 3.15

sources: NVD: CVE-2018-4410 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014888 // ZDI: ZDI-18-1324 // VULHUB: VHN-134441 // VULMON: CVE-2018-4410

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14.1

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:for windows 7.8 earlier

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:12.9.1 earlier

Trust: 0.8

vendor:applemodel:macos high sierrascope:eqversion:(security update 2018-001 not applied )

Trust: 0.8

vendor:applemodel:macos mojavescope:ltversion:10.14.1 earlier

Trust: 0.8

vendor:applemodel:macos sierrascope:eqversion:(security update 2018-005 not applied )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12.0.1 earlier

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5.1 earlier

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.14

Trust: 0.8

vendor:applemodel:macosscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-18-1324 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014888 // NVD: CVE-2018-4410

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4410
value: HIGH

Trust: 1.0

NVD: CVE-2018-4410
value: HIGH

Trust: 0.8

ZDI: CVE-2018-4410
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201810-1513
value: HIGH

Trust: 0.6

VULHUB: VHN-134441
value: HIGH

Trust: 0.1

VULMON: CVE-2018-4410
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4410
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2018-4410
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-134441
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4410
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-18-1324 // VULHUB: VHN-134441 // VULMON: CVE-2018-4410 // JVNDB: JVNDB-2018-014888 // CNNVD: CNNVD-201810-1513 // NVD: CVE-2018-4410

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134441 // JVNDB: JVNDB-2018-014888 // NVD: CVE-2018-4410

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1513

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1513

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008908

PATCH
title:About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierraurl:https://support.apple.com/en-us/HT209193
Trust: 1.6
title:About the security content of iTunes 12.9.1url:https://support.apple.com/en-us/HT209197
Trust: 0.8
title: About the security content of iCloud for Windows 7.8 url:https://support.apple.com/en-us/HT209198
Trust: 0.8
title:About the security content of Safari 12.0.1url:https://support.apple.com/en-us/HT209196
Trust: 0.8
title: About the security content of tvOS 12.1url:https://support.apple.com/en-us/HT209194
Trust: 0.8
title: About the security content of iOS 12.1url:https://support.apple.com/en-us/HT209192
Trust: 0.8
title: About the security content of watchOS 5.1url:https://support.apple.com/en-us/HT209195
Trust: 0.8
title:HT209193url:https://support.apple.com/ja-jp/HT209193
Trust: 0.8
title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/kb/HT201222
Trust: 0.7
title:Apple macOS AppleGraphicsControl Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86491
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-1324 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014888 // 
            
            
            
            CNNVD: CNNVD-201810-1513

EXTERNAL IDS
db:NVDid:CVE-2018-4410
Trust: 3.3
db:JVNid:JVNVU96365720
Trust: 1.6
db:JVNDBid:JVNDB-2018-008908
Trust: 0.8
db:JVNDBid:JVNDB-2018-014888
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-6488
Trust: 0.7
db:ZDIid:ZDI-18-1324
Trust: 0.7
db:CNNVDid:CNNVD-201810-1513
Trust: 0.7
db:VULHUBid:VHN-134441
Trust: 0.1
db:VULMONid:CVE-2018-4410
Trust: 0.1
sources:
            
            
            ZDI: ZDI-18-1324 // 
            
            
            
            VULHUB: VHN-134441 // 
            
            
            
            VULMON: CVE-2018-4410 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014888 // 
            
            
            
            CNNVD: CNNVD-201810-1513 // 
            
            
            
            NVD: CVE-2018-4410

REFERENCES
url:https://support.apple.com/kb/ht209193
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4410
Trust: 1.4
url:https://jvn.jp/vu/jvnvu96365720/
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4410
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96365720/index.html
Trust: 0.8
url:https://support.apple.com/kb/ht201222
Trust: 0.7
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://seclists.org/fulldisclosure/2018/nov/10
Trust: 0.1
sources:
            
            
            ZDI: ZDI-18-1324 // 
            
            
            
            VULHUB: VHN-134441 // 
            
            
            
            VULMON: CVE-2018-4410 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014888 // 
            
            
            
            CNNVD: CNNVD-201810-1513 // 
            
            
            
            NVD: CVE-2018-4410

CREDITS
Anonymous
Trust: 0.7
sources:
            
            
            ZDI: ZDI-18-1324

SOURCES
db:ZDIid:ZDI-18-1324
db:VULHUBid:VHN-134441
db:VULMONid:CVE-2018-4410
db:JVNDBid:JVNDB-2018-008908
db:JVNDBid:JVNDB-2018-014888
db:CNNVDid:CNNVD-201810-1513
db:NVDid:CVE-2018-4410

LAST UPDATE DATE
2024-11-23T20:31:02.465000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-1324date:2018-10-30T00:00:00
db:VULHUBid:VHN-134441date:2019-04-05T00:00:00
db:VULMONid:CVE-2018-4410date:2019-04-05T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-014888date:2019-04-17T00:00:00
db:CNNVDid:CNNVD-201810-1513date:2019-04-09T00:00:00
db:NVDid:CVE-2018-4410date:2024-11-21T04:07:21.617

SOURCES RELEASE DATE
db:ZDIid:ZDI-18-1324date:2018-10-30T00:00:00
db:VULHUBid:VHN-134441date:2019-04-03T00:00:00
db:VULMONid:CVE-2018-4410date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-014888date:2019-04-17T00:00:00
db:CNNVDid:CNNVD-201810-1513date:2018-10-31T00:00:00
db:NVDid:CVE-2018-4410date:2019-04-03T18:29:13.923