Sign-up

ID

VAR-201904-1415


CVE

CVE-2018-4324


TITLE

macOS of Apple ID Vulnerabilities related to permissions in processing

Trust: 0.8

sources: JVNDB: JVNDB-2018-014881

DESCRIPTION

A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14. macOS of Apple ID There is a privilege vulnerability in the process due to a lack of access control.Information may be obtained. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. The App Store is an online distribution platform for applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14 macOS Mojave 10.14 addresses the following: Bluetooth Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012) , iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac (Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015), Mac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012) , Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro (Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air (13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air (13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air (13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air (13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro (15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013), MacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina, 13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013) Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham The updates below are available for these Mac models: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013, Mid 2010, and Mid 2012 models with recommended Metal-capable graphics processor, including MSI Gaming Radeon RX 560 and Sapphire Radeon PULSE RX 580) afpserver Impact: A remote attacker may be able to attack AFP servers through HTTP clients Description: An input validation issue was addressed with improved input validation. CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc. AppleGraphicsControl Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4417: Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 Application Firewall Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A configuration issue was addressed with additional restrictions. CVE-2018-4353: Abhinav Bansal of LinkedIn Inc. APR Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2017-12613: Craig Young of Tripwire VERT CVE-2017-12618: Craig Young of Tripwire VERT Entry added October 30, 2018 ATS Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 ATS Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4308: Mohamed Ghannam (@_simo36) Entry added October 30, 2018 Auto Unlock Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. CFNetwork Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 CoreFoundation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreFoundation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreText Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018 Crash Reporter Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4333: Brandon Azad CUPS Impact: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content Description: An injection issue was addressed with improved validation. CVE-2018-4153: Michael Hanselmann of hansmi.ch Entry added October 30, 2018 CUPS Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4406: Michael Hanselmann of hansmi.ch Entry added October 30, 2018 Dictionary Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information Description: A validation issue existed which allowed local file access. This was addressed with input sanitization. CVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing Entry added October 30, 2018 Grand Central Dispatch Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Entry added October 30, 2018 Heimdal Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad CVE-2018-4332: Brandon Azad CVE-2018-4343: Brandon Azad Entry added October 30, 2018 Hypervisor Impact: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis Description: An information disclosure issue was addressed by flushing the L1 data cache at the virtual machine entry. CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide Entry added October 30, 2018 iBooks Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A configuration issue was addressed with additional restrictions. CVE-2018-4355: evi1m0 of bilibili security team Entry added October 30, 2018 Intel Graphics Driver Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4396: Yu Wang of Didi Research America CVE-2018-4418: Yu Wang of Didi Research America Entry added October 30, 2018 Intel Graphics Driver Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4351: Appology Team @ Theori working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 Intel Graphics Driver Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4350: Yu Wang of Didi Research America Entry added October 30, 2018 Intel Graphics Driver Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4334: Ian Beer of Google Project Zero Entry added October 30, 2018 IOHIDFamily Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4383: Apple Entry added October 30, 2018 IOUserEthernet Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple Entry added October 30, 2018 Kernel Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. CVE-2018-4399: Fabiano Anemone (@anoane) Entry added October 30, 2018 Kernel Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Entry added October 30, 2018 Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4337: Ian Beer of Google Project Zero CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 LibreSSL Impact: Multiple issues in libressl were addressed in this update Description: Multiple issues were addressed by updating to libressl version 2.6.4. CVE-2015-3194 CVE-2015-5333 CVE-2015-5334 CVE-2016-702 Entry added October 30, 2018 Login Window Impact: A local user may be able to cause a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity Entry added October 30, 2018 mDNSOffloadUserClient Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team Entry added October 30, 2018 MediaRemote Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs Entry added October 30, 2018 Microcode Impact: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel. CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC) Entry added October 30, 2018 Security Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Entry added October 30, 2018 Security Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky Spotlight Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4393: Lufeng Li Entry added October 30, 2018 Symptom Framework Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 Text Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Entry added October 30, 2018 Wi-Fi Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 Additional recognition Accessibility Framework We would like to acknowledge Ryan Govostes for their assistance. Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. CoreDAV We would like to acknowledge an anonymous researcher for their assistance. CoreGraphics We would like to acknowledge Nitin Arya of Roblox Corporation for their assistance. CoreSymbolication We would like to acknowledge Brandon Azad for their assistance. IOUSBHostFamily We would like to acknowledge an anonymous researcher for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron Software Systems, and Zbyszek A>>A3Akiewski for their assistance. Quick Look We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing and Patrick Wardle of Digita Security and lokihardt of Google Project Zero for their assistance. Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance. SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Terminal We would like to acknowledge an anonymous researcher for their assistance. WindowServer We would like to acknowledge Patrick Wardle of Digita Security for their assistance. Installation note: macOS Mojave 10.14 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GrtxAA iVBcAdusz88zFzkT05EIxb9nSp4CGOlhKlChK4N7Db17o2fNT0hNpQixEAC0wC/A zqIzsXEzZlPobI4OnwiEVs7lVBsvCW+IarrRZ8pgSllKs1VlbNfOO3z9vB5BqJMr d9PjPvtHyG3jZmWqQPIjvJb3l3ZjHAt+HAvTItNMkhIUjqV80JI8wP3erzIf3tAt VoLIw5iL5w4HAYcWsn9DYcecXZdv39MnKL5UGzMX3bkee2U7kGYtgskU+mdPa1Wl WzquIPlLeKL2KNSXEfbkPtcKM/fvkURsNzEDvg+PBQLdI3JeR1bOeN24aiTEtiEL TecGm/kKMMJWmDdhPhFvZVD+SIdZd4LgbTawR1UE1JJg7jnEZKCvZ45mXd2eBwn/ rpEKCLBsgA59GILs3ZjZSIWskRJPzZrt463AKcN2wukkTUUkY1rhRVdOf6LZMs9Z w9iJOua3vt+HzCCxTEaH53WUeM6fn/Yeq+DGIS5Fk0G09pU7tsyJVwj3o1nJn0dl e2mcrXBJeSmi6bvvkJX45y/Y8E8Qr+ovS4uN8wG6DOWcCBQkDkugabng8vNh8GST 1wNnV9JY/CmYbU0ZIwKbbSDkcQLQuIl7kKaZMHnU74EytcKscUqqx1VqINz1tssu 1wZZGLtg3VubrZOsnUZzumD+0nI8c6QAnQK3P2PSZ0k= =i9YR -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2018-4324 // JVNDB: JVNDB-2018-014881 // JVNDB: JVNDB-2018-007762 // VULHUB: VHN-134355 // VULMON: CVE-2018-4324 // PACKETSTORM: 150116 // PACKETSTORM: 149510

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14

Trust: 1.8

vendor:applemodel:macos mojavescope:ltversion:10.14 earlier

Trust: 0.8

sources: JVNDB: JVNDB-2018-014881 // JVNDB: JVNDB-2018-007762 // NVD: CVE-2018-4324

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4324
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4324
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201809-1169
value: MEDIUM

Trust: 0.6

VULHUB: VHN-134355
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-4324
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4324
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134355
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4324
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134355 // VULMON: CVE-2018-4324 // JVNDB: JVNDB-2018-014881 // CNNVD: CNNVD-201809-1169 // NVD: CVE-2018-4324

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-134355 // JVNDB: JVNDB-2018-014881 // NVD: CVE-2018-4324

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-1169

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201809-1169

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014881

PATCH
title:HT209139url:https://support.apple.com/en-us/HT209139
Trust: 1.6
title:HT209139url:https://support.apple.com/ja-jp/HT209139
Trust: 0.8
title:Apple macOS Mojave App Store Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85203
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014881 // 
            
            
            
            JVNDB: JVNDB-2018-007762 // 
            
            
            
            CNNVD: CNNVD-201809-1169

EXTERNAL IDS
db:NVDid:CVE-2018-4324
Trust: 2.8
db:JVNid:JVNVU99356481
Trust: 1.6
db:JVNDBid:JVNDB-2018-014881
Trust: 0.8
db:JVNDBid:JVNDB-2018-007762
Trust: 0.8
db:CNNVDid:CNNVD-201809-1169
Trust: 0.7
db:VULHUBid:VHN-134355
Trust: 0.1
db:VULMONid:CVE-2018-4324
Trust: 0.1
db:PACKETSTORMid:150116
Trust: 0.1
db:PACKETSTORMid:149510
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134355 // 
            
            
            
            VULMON: CVE-2018-4324 // 
            
            
            
            JVNDB: JVNDB-2018-014881 // 
            
            
            
            JVNDB: JVNDB-2018-007762 // 
            
            
            
            PACKETSTORM: 150116 // 
            
            
            
            PACKETSTORM: 149510 // 
            
            
            
            CNNVD: CNNVD-201809-1169 // 
            
            
            
            NVD: CVE-2018-4324

REFERENCES
url:https://support.apple.com/kb/ht209139
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4324
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4324
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99356481/index.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu99356481/
Trust: 0.8
url:https://support.apple.com/kb/ht201222
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4336
Trust: 0.2
url:https://support.apple.com/downloads/
Trust: 0.2
url:https://www.apple.com/support/security/pgp/
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2016-1777
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4333
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-4321
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/732.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://seclists.org/bugtraq/2018/sep/65
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-12618
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4203
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4334
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4338
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4308
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4332
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4326
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4153
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4340
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4304
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4126
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4331
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-5334
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4310
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4295
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-5333
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4341
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-3646
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-3194
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4337
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-12613
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-3639
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4353
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-4344
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-5383
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134355 // 
            
            
            
            VULMON: CVE-2018-4324 // 
            
            
            
            JVNDB: JVNDB-2018-014881 // 
            
            
            
            JVNDB: JVNDB-2018-007762 // 
            
            
            
            PACKETSTORM: 150116 // 
            
            
            
            PACKETSTORM: 149510 // 
            
            
            
            CNNVD: CNNVD-201809-1169 // 
            
            
            
            NVD: CVE-2018-4324

CREDITS
Apple
Trust: 0.2
sources:
            
            
            PACKETSTORM: 150116 // 
            
            
            
            PACKETSTORM: 149510

SOURCES
db:VULHUBid:VHN-134355
db:VULMONid:CVE-2018-4324
db:JVNDBid:JVNDB-2018-014881
db:JVNDBid:JVNDB-2018-007762
db:PACKETSTORMid:150116
db:PACKETSTORMid:149510
db:CNNVDid:CNNVD-201809-1169
db:NVDid:CVE-2018-4324

LAST UPDATE DATE
2024-11-23T20:42:40.895000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134355date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-4324date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-014881date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2018-007762date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201809-1169date:2019-10-08T00:00:00
db:NVDid:CVE-2018-4324date:2024-11-21T04:07:11.770

SOURCES RELEASE DATE
db:VULHUBid:VHN-134355date:2019-04-03T00:00:00
db:VULMONid:CVE-2018-4324date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-014881date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2018-007762date:2018-09-26T00:00:00
db:PACKETSTORMid:150116date:2018-10-31T16:10:50
db:PACKETSTORMid:149510date:2018-09-25T16:20:37
db:CNNVDid:CNNVD-201809-1169date:2018-09-27T00:00:00
db:NVDid:CVE-2018-4324date:2019-04-03T18:29:07.893