Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-4237Apple Iphone OS vulnerability

10 documents7 sources
Severity
7.8HIGHNVD
OSV6.7
EPSS
63.0%
top 1.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
7
Apple Iphone OSApple MAC OS XApple Tvos+4 more
Timeline
PublishedJun 8
Latest updateMay 13

Description

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

NVDapple/tvos< 11.4
NVDapple/watchos< 4.3.1
NVDapple/mac_os_x< 10.13.5
Appleapple/tvos11.4
Appleapple/watchos4.3.1

🔴Vulnerability Details

3
GHSA
GHSA-8g9p-xj27-qw5f: An issue was discovered in certain Apple products2022-05-13
OSV
spamassassin vulnerabilities2020-01-15
VulnCheck
Apple iOS/macOS/tvOS/watchOS 'libxpc' Vulnerability2018

💥Exploits & PoCs

2
Exploit-DB
Mac OS X - libxpc MITM Privilege Escalation (Metasploit)2018-11-29
Metasploit
Mac OS X libxpc MITM Privilege Escalation

📋Vendor Advisories

4
Apple
CVE-2018-4237: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan2018-06-01
Apple
CVE-2018-4237: watchOS 4.3.12018-05-29
Apple
CVE-2018-4237: iOS 11.42018-05-29
Apple
CVE-2018-4237: tvOS 11.42018-05-29