Sign-up

ID

VAR-201904-1382


CVE

CVE-2018-4422


TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-008908

DESCRIPTION

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. macOS Mojave Contains a memory corruption vulnerability due to a flaw in memory handling.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of the IOFramebufferUserClient IOkit user client. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code as the kernel. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. IOGraphics is one of the input and output graphics components. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 3.15

sources: NVD: CVE-2018-4422 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014863 // ZDI: ZDI-18-1333 // VULHUB: VHN-134453 // VULMON: CVE-2018-4422

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14.1

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:for windows 7.8 earlier

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:12.9.1 earlier

Trust: 0.8

vendor:applemodel:macos high sierrascope:eqversion:(security update 2018-001 not applied )

Trust: 0.8

vendor:applemodel:macos mojavescope:ltversion:10.14.1 earlier

Trust: 0.8

vendor:applemodel:macos sierrascope:eqversion:(security update 2018-005 not applied )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12.0.1 earlier

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5.1 earlier

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.14

Trust: 0.8

vendor:applemodel:macosscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-18-1333 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014863 // NVD: CVE-2018-4422

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4422
value: HIGH

Trust: 1.0

NVD: CVE-2018-4422
value: HIGH

Trust: 0.8

ZDI: CVE-2018-4422
value: CRITICAL

Trust: 0.7

CNNVD: CNNVD-201810-1523
value: HIGH

Trust: 0.6

VULHUB: VHN-134453
value: HIGH

Trust: 0.1

VULMON: CVE-2018-4422
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4422
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134453
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4422
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

ZDI: CVE-2018-4422
baseSeverity: CRITICAL
baseScore: 7.0
vectorString: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-18-1333 // VULHUB: VHN-134453 // VULMON: CVE-2018-4422 // JVNDB: JVNDB-2018-014863 // CNNVD: CNNVD-201810-1523 // NVD: CVE-2018-4422

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134453 // JVNDB: JVNDB-2018-014863 // NVD: CVE-2018-4422

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1523

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1523

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008908

PATCH
title:About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierraurl:https://support.apple.com/en-us/HT209193
Trust: 1.6
title:About the security content of iTunes 12.9.1url:https://support.apple.com/en-us/HT209197
Trust: 0.8
title: About the security content of iCloud for Windows 7.8 url:https://support.apple.com/en-us/HT209198
Trust: 0.8
title:About the security content of Safari 12.0.1url:https://support.apple.com/en-us/HT209196
Trust: 0.8
title: About the security content of tvOS 12.1url:https://support.apple.com/en-us/HT209194
Trust: 0.8
title: About the security content of iOS 12.1url:https://support.apple.com/en-us/HT209192
Trust: 0.8
title: About the security content of watchOS 5.1url:https://support.apple.com/en-us/HT209195
Trust: 0.8
title:HT209193url:https://support.apple.com/ja-jp/HT209193
Trust: 0.8
title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/kb/HT201222
Trust: 0.7
title:Apple macOS IOGraphics Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86501
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-1333 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014863 // 
            
            
            
            CNNVD: CNNVD-201810-1523

EXTERNAL IDS
db:NVDid:CVE-2018-4422
Trust: 3.3
db:JVNid:JVNVU96365720
Trust: 1.6
db:JVNDBid:JVNDB-2018-008908
Trust: 0.8
db:JVNDBid:JVNDB-2018-014863
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-6834
Trust: 0.7
db:ZDIid:ZDI-18-1333
Trust: 0.7
db:CNNVDid:CNNVD-201810-1523
Trust: 0.7
db:VULHUBid:VHN-134453
Trust: 0.1
db:VULMONid:CVE-2018-4422
Trust: 0.1
sources:
            
            
            ZDI: ZDI-18-1333 // 
            
            
            
            VULHUB: VHN-134453 // 
            
            
            
            VULMON: CVE-2018-4422 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014863 // 
            
            
            
            CNNVD: CNNVD-201810-1523 // 
            
            
            
            NVD: CVE-2018-4422

REFERENCES
url:https://support.apple.com/kb/ht209193
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4422
Trust: 1.4
url:https://jvn.jp/vu/jvnvu96365720/
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4422
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96365720/index.html
Trust: 0.8
url:https://support.apple.com/kb/ht201222
Trust: 0.7
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://seclists.org/fulldisclosure/2018/nov/10
Trust: 0.1
sources:
            
            
            ZDI: ZDI-18-1333 // 
            
            
            
            VULHUB: VHN-134453 // 
            
            
            
            VULMON: CVE-2018-4422 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014863 // 
            
            
            
            CNNVD: CNNVD-201810-1523 // 
            
            
            
            NVD: CVE-2018-4422

CREDITS
Anonymous
Trust: 0.7
sources:
            
            
            ZDI: ZDI-18-1333

SOURCES
db:ZDIid:ZDI-18-1333
db:VULHUBid:VHN-134453
db:VULMONid:CVE-2018-4422
db:JVNDBid:JVNDB-2018-008908
db:JVNDBid:JVNDB-2018-014863
db:CNNVDid:CNNVD-201810-1523
db:NVDid:CVE-2018-4422

LAST UPDATE DATE
2024-11-23T20:21:55.245000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-1333date:2018-10-31T00:00:00
db:VULHUBid:VHN-134453date:2019-04-05T00:00:00
db:VULMONid:CVE-2018-4422date:2019-04-05T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-014863date:2019-04-17T00:00:00
db:CNNVDid:CNNVD-201810-1523date:2019-04-10T00:00:00
db:NVDid:CVE-2018-4422date:2024-11-21T04:07:22.947

SOURCES RELEASE DATE
db:ZDIid:ZDI-18-1333date:2018-10-31T00:00:00
db:VULHUBid:VHN-134453date:2019-04-03T00:00:00
db:VULMONid:CVE-2018-4422date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-014863date:2019-04-17T00:00:00
db:CNNVDid:CNNVD-201810-1523date:2018-10-31T00:00:00
db:NVDid:CVE-2018-4422date:2019-04-03T18:29:15.017