CVE-2018-4189 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Watchos

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.7%

top 27.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple TV Apple Iphone OS Apple MAC OS X +1 more

Timeline

PublishedJan 11

Latest updateMay 14

Description

In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDapple/watchos< 4.2.2

▶NVDapple/mac_os_x10.13.0 — 10.13.3

▶NVDapple/apple_tv< 11.2.5

▶NVDapple/iphone_os< 11.2.5

🔴Vulnerability Details

GHSA

GHSA-p28g-8qw4-9v8q: In iOS before 11↗2022-05-14

▶

CVEList

CVE-2018-4189: In iOS before 11↗2019-01-11

▶

📋Vendor Advisories

Apple

CVE-2018-4189: macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan↗2018-01-23

▶

Apple

CVE-2018-4189: iOS 11.2.5↗2018-01-23

▶

Apple

CVE-2018-4189: tvOS 11.2.5↗2018-01-23

▶

Apple

CVE-2018-4189: watchOS 4.2.2↗2018-01-23

▶