CVE-2018-4280
Published 2019-04-03
Priority P343 · high · 7.8 CVSS 3.0
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.06% (78.9th percentile)
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 11.4.1 | 11.4.1 |
| apple | mac_os_x | < 10.13.6 | 10.13.6 |
| apple | macos_high_sierra_10.13.6_security_update_2018-004_sierra_security_update_2018-0 | — | — |
| apple | tvos | < 11.4.1 | 11.4.1 |
| apple | tvos | — | — |
| apple | watchos | < 4.3.2 | 4.3.2 |
| apple | watchos | — | — |
CVSS provenance
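| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |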
Apple
CVE-2018-4280: iOS 11.4.1
vendor_apple·2018-07-09·CVSS 7.8
CVE-2018-4280 [HIGH] CVE-2018-4280: iOS 11.4.1
Apple Security Update: About the security content of iOS 11.4.1
Product: iOS
Version: 11.4.1
CVE: CVE-2018-4280
Component: Kernel
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
Apple
CVE-2018-4280: watchOS 4.3.2
vendor_apple·2018-07-09·CVSS 7.8
CVE-2018-4280 [HIGH] CVE-2018-4280: watchOS 4.3.2
Apple Security Update: About the security content of watchOS 4.3.2
Product: watchOS
Version: 4.3.2
CVE: CVE-2018-4280
Component: Kernel
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
Apple
CVE-2018-4280: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
vendor_apple·2018-07-09·CVSS 7.8
CVE-2018-4280 [HIGH] CVE-2018-4280: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
Apple Security Update: About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
Product: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
CVE: CVE-2018-4280
Component: Kernel
Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges
Description: Multiple memory corruption issues were addressed with improved memory handling.
Apple
CVE-2018-4280: tvOS 11.4.1
vendor_apple·2018-07-09·CVSS 7.8
CVE-2018-4280 [HIGH] CVE-2018-4280: tvOS 11.4.1
Apple Security Update: About the security content of tvOS 11.4.1
Product: tvOS
Version: 11.4.1
CVE: CVE-2018-4280
Component: Kernel
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
GHSA
GHSA-49mg-c54c-h35r: A memory corruption issue was addressed with improved memory handling
ghsa_unreviewed·2022-05-14
CVE-2018-4280 [HIGH] CWE-119 GHSA-49mg-c54c-h35r: A memory corruption issue was addressed with improved memory handling
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
No detection rules found.
No writeups or analysis indexed.
Published: 2019-04-03