CVE-2018-4194 — Out-of-bounds Read in Apple Icloud

CWE-125 — Out-of-bounds Read8 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 33.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud Apple Iphone OS Apple Itunes +2 more

Timeline

PublishedJan 11

Latest updateMay 14

Description

In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDapple/icloud< 7.5

▶NVDapple/itunes< 12.7.5

▶NVDapple/watchos< 4.3.1

▶NVDapple/mac_os_x10.13.0 — 10.13.5

▶NVDapple/iphone_os< 11.4

🔴Vulnerability Details

GHSA

GHSA-9rmp-58v5-cfp9: In iOS before 11↗2022-05-14

▶

CVEList

CVE-2018-4194: In iOS before 11↗2019-01-11

▶

📋Vendor Advisories

Apple

CVE-2018-4194: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan↗2018-06-01

▶

Apple

CVE-2018-4194: iCloud for Windows 7.5↗2018-06-01

▶

Apple

CVE-2018-4194: iTunes 12.7.5 for Windows↗2018-05-29

▶

Apple

CVE-2018-4194: watchOS 4.3.1↗2018-05-29

▶

Apple

CVE-2018-4194: iOS 11.4↗2018-05-29

▶