Details of VAR-201904-1385

ID

VAR-201904-1385

CVE

CVE-2018-4425

TITLE

Apple macOS NECP Control Socket Type Confusion Privilege Escalation Vulnerability

Trust: 2.1

sources: ZDI: ZDI-18-1325 // ZDI: ZDI-18-1326 // ZDI: ZDI-18-1346

DESCRIPTION

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. plural Apple The product has a memory corruption vulnerability due to incomplete memory handling.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of NECP control sockets. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Apple macOS High Sierra and so on are a set of dedicated operating systems developed by Apple for Mac computers. A security vulnerability exists in the Kernel component of Apple macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14

Trust: 5.13

sources: NVD: CVE-2018-4425 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-007762 // JVNDB: JVNDB-2018-014866 // ZDI: ZDI-18-1325 // ZDI: ZDI-18-1326 // ZDI: ZDI-18-1346 // VULHUB: VHN-134456 // VULMON: CVE-2018-4425

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	-	version:	-	Trust: 2.1
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14	Trust: 1.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	12.0	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	12.0	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.8 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.1 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.9.1 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2018-001 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.1 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2018-005 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.0.1 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.1 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.1 earlier	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14 earlier	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5 (apple watch series 1 or later )	Trust: 0.8

sources: ZDI: ZDI-18-1325 // ZDI: ZDI-18-1326 // ZDI: ZDI-18-1346 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-007762 // JVNDB: JVNDB-2018-014866 // NVD: CVE-2018-4425

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-4425
value:	MEDIUM
Trust: 2.1
nvd@nist.gov:	CVE-2018-4425
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4425
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201810-1526
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134456
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-4425
value:	HIGH
Trust: 0.1

ZDI:	CVE-2018-4425
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.1
nvd@nist.gov:	CVE-2018-4425
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134456
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4425
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-18-1325 // ZDI: ZDI-18-1326 // ZDI: ZDI-18-1346 // VULHUB: VHN-134456 // VULMON: CVE-2018-4425 // JVNDB: JVNDB-2018-014866 // CNNVD: CNNVD-201810-1526 // NVD: CVE-2018-4425

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-134456 // JVNDB: JVNDB-2018-014866 // NVD: CVE-2018-4425

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1526

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1526

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008908

PATCH

title:	About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra	url:	https://support.apple.com/en-us/HT209193	Trust: 2.3
title:	About the security content of macOS Mojave 10.14	url:	https://support.apple.com/en-us/HT209139	Trust: 1.6
title:	Apple has issued an update to correct this vulnerability.	url:	https://support.apple.com/kb/HT201222	Trust: 1.4
title:	About the security content of iTunes 12.9.1	url:	https://support.apple.com/en-us/HT209197	Trust: 0.8
title:	About the security content of iCloud for Windows 7.8	url:	https://support.apple.com/en-us/HT209198	Trust: 0.8
title:	About the security content of Safari 12.0.1	url:	https://support.apple.com/en-us/HT209196	Trust: 0.8
title:	About the security content of tvOS 12.1	url:	https://support.apple.com/en-us/HT209194	Trust: 0.8
title:	About the security content of iOS 12.1	url:	https://support.apple.com/en-us/HT209192	Trust: 0.8
title:	About the security content of watchOS 5.1	url:	https://support.apple.com/en-us/HT209195	Trust: 0.8
title:	HT209106	url:	https://support.apple.com/en-us/HT209106	Trust: 0.8
title:	HT209107	url:	https://support.apple.com/en-us/HT209107	Trust: 0.8
title:	HT209108	url:	https://support.apple.com/en-us/HT209108	Trust: 0.8
title:	HT209106	url:	https://support.apple.com/ja-jp/HT209106	Trust: 0.8
title:	HT209107	url:	https://support.apple.com/ja-jp/HT209107	Trust: 0.8
title:	HT209108	url:	https://support.apple.com/ja-jp/HT209108	Trust: 0.8
title:	HT209139	url:	https://support.apple.com/ja-jp/HT209139	Trust: 0.8
title:	HT209193	url:	https://support.apple.com/ja-jp/HT209193	Trust: 0.8
title:	Apple macOS Kernel Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86504	Trust: 0.6

sources: ZDI: ZDI-18-1325 // ZDI: ZDI-18-1326 // ZDI: ZDI-18-1346 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-007762 // JVNDB: JVNDB-2018-014866 // CNNVD: CNNVD-201810-1526

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4425	Trust: 4.7
db:	JVN	id:	JVNVU96365720	Trust: 1.6
db:	JVN	id:	JVNVU99356481	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-008908	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-007762	Trust: 0.8
db:	JVN	id:	JVNVU93341447	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014866	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6363	Trust: 0.7
db:	ZDI	id:	ZDI-18-1325	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6378	Trust: 0.7
db:	ZDI	id:	ZDI-18-1326	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6417	Trust: 0.7
db:	ZDI	id:	ZDI-18-1346	Trust: 0.7
db:	CNNVD	id:	CNNVD-201810-1526	Trust: 0.7
db:	VULHUB	id:	VHN-134456	Trust: 0.1
db:	VULMON	id:	CVE-2018-4425	Trust: 0.1

sources: ZDI: ZDI-18-1325 // ZDI: ZDI-18-1326 // ZDI: ZDI-18-1346 // VULHUB: VHN-134456 // VULMON: CVE-2018-4425 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-007762 // JVNDB: JVNDB-2018-014866 // CNNVD: CNNVD-201810-1526 // NVD: CVE-2018-4425

REFERENCES

url:	https://support.apple.com/kb/ht209106	Trust: 1.8
url:	https://support.apple.com/kb/ht209107	Trust: 1.8
url:	https://support.apple.com/kb/ht209108	Trust: 1.8
url:	https://support.apple.com/kb/ht209139	Trust: 1.8
url:	https://support.apple.com/kb/ht209193	Trust: 1.8
url:	https://support.apple.com/kb/ht201222	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4425	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu96365720/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99356481/	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4425	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93341447/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu96365720/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99356481/index.html	Trust: 0.8
url:	https://support.apple.com/en-us/ht209193	Trust: 0.7
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://seclists.org/fulldisclosure/2018/nov/15	Trust: 0.1

CREDITS

juwei lin (@panicaII) of Trend Micro

Trust: 1.4

sources: ZDI: ZDI-18-1325 // ZDI: ZDI-18-1346

SOURCES

db:	ZDI	id:	ZDI-18-1325
db:	ZDI	id:	ZDI-18-1326
db:	ZDI	id:	ZDI-18-1346
db:	VULHUB	id:	VHN-134456
db:	VULMON	id:	CVE-2018-4425
db:	JVNDB	id:	JVNDB-2018-008908
db:	JVNDB	id:	JVNDB-2018-007762
db:	JVNDB	id:	JVNDB-2018-014866
db:	CNNVD	id:	CNNVD-201810-1526
db:	NVD	id:	CVE-2018-4425

LAST UPDATE DATE

2024-11-23T19:52:10.587000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-1325	date:	2018-10-30T00:00:00
db:	ZDI	id:	ZDI-18-1326	date:	2018-10-30T00:00:00
db:	ZDI	id:	ZDI-18-1346	date:	2018-11-20T00:00:00
db:	VULHUB	id:	VHN-134456	date:	2019-04-05T00:00:00
db:	VULMON	id:	CVE-2018-4425	date:	2019-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-008908	date:	2018-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-007762	date:	2018-09-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-014866	date:	2019-04-17T00:00:00
db:	CNNVD	id:	CNNVD-201810-1526	date:	2019-04-09T00:00:00
db:	NVD	id:	CVE-2018-4425	date:	2024-11-21T04:07:23.273

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-1325	date:	2018-10-30T00:00:00
db:	ZDI	id:	ZDI-18-1326	date:	2018-10-30T00:00:00
db:	ZDI	id:	ZDI-18-1346	date:	2018-11-20T00:00:00
db:	VULHUB	id:	VHN-134456	date:	2019-04-03T00:00:00
db:	VULMON	id:	CVE-2018-4425	date:	2019-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-008908	date:	2018-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-007762	date:	2018-09-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-014866	date:	2019-04-17T00:00:00
db:	CNNVD	id:	CNNVD-201810-1526	date:	2018-10-31T00:00:00
db:	NVD	id:	CVE-2018-4425	date:	2019-04-03T18:29:15.127