CVE-2018-4344
published 2019-04-03CVE-2018-4344: A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
PriorityP279high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-07-18
Exploited in the wild
EPSS
2.92%
85.3th percentile
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 12.0 | 12.0 |
| apple | mac_os_x | < 10.14 | 10.14 |
| apple | macos_mojave | — | — |
| apple | tvos | < 12.0 | 12.0 |
| apple | tvos | — | — |
| apple | watchos | < 5.0 | 5.0 |
| apple | watchos_5 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability resides in the Kernel component; monitor for applications attempting to execute arbitrary code with kernel privileges on Apple platforms (iOS, macOS, tvOS, watchOS) ↗
- ·Affected versions: iOS prior to 12, macOS prior to Mojave 10.14, tvOS prior to 12, watchOS prior to 5. Patch by applying vendor updates. ↗
- ·CISA KEV listed; this vulnerability has been actively exploited in the wild. Remediation was required by 2022-07-18. ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Apple Multiple Products Memory Corruption Vulnerability
cisa·2022-06-27·CVSS 7.8
CVE-2018-4344 [HIGH] CWE-119 Apple Multiple Products Memory Corruption Vulnerability
Vulnerability: Apple Multiple Products Memory Corruption Vulnerability
Affected: Apple Multiple Products
Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-4344
Remediation Due Date: 2022-07-18
Apple
CVE-2018-4344: macOS Mojave 10.14
vendor_apple·2018-09-24·CVSS 7.8
CVE-2018-4344 [HIGH] CVE-2018-4344: macOS Mojave 10.14
Apple Security Update: About the security content of macOS Mojave 10.14
Product: macOS Mojave
Version: 10.14
CVE: CVE-2018-4344
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2018-4344: iOS 12
vendor_apple·2018-09-17·CVSS 7.8
CVE-2018-4344 [HIGH] CVE-2018-4344: iOS 12
Apple Security Update: About the security content of iOS 12
Product: iOS
Version: 12
CVE: CVE-2018-4344
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2018-4344: tvOS 12
vendor_apple·2018-09-17·CVSS 7.8
CVE-2018-4344 [HIGH] CVE-2018-4344: tvOS 12
Apple Security Update: About the security content of tvOS 12
Product: tvOS
Version: 12
CVE: CVE-2018-4344
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2018-4344: watchOS 5
vendor_apple·2018-09-17·CVSS 7.8
CVE-2018-4344 [HIGH] CVE-2018-4344: watchOS 5
Apple Security Update: About the security content of watchOS 5
Product: watchOS 5
CVE: CVE-2018-4344
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
GHSA
GHSA-486c-fgp8-q4mj: A memory corruption issue was addressed with improved memory handling
ghsa_unreviewed·2022-05-14
CVE-2018-4344 [HIGH] CWE-119 GHSA-486c-fgp8-q4mj: A memory corruption issue was addressed with improved memory handling
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
Project0
A survey of recent iOS kernel exploits - Project Zero
project_zero·2020-06-01
CVE-2016-7644 A survey of recent iOS kernel exploits - Project Zero
Posted by Brandon Azad, Project Zero
I recently found myself wishing for a single online reference providing a brief summary of the high-level exploit flow of every public iOS kernel exploit in recent years; since no such document existed, I decided to create it here.
This post summarizes original iOS kernel exploits from local app context targeting iOS 10 through iOS 13, focusing on the high-level exploit flow from the initial primitive granted by the vulnerability to kernel read/write. At the end of this post, we will briefly look at iOS kernel exploit mitigations (in both hardware and software) and how they map onto the techniques used in the exploits.
This isn't your typical P0 blog post: There is no gripping zero-day exploitation, or novel exploitation research, or thrilling mal
VulnCheck
Apple Multiple Products Memory Corruption Vulnerability
vulncheck·2018·CVSS 7.8
CVE-2018-4344 [HIGH] CWE-119 Apple Multiple Products Memory Corruption Vulnerability
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution.
Affected: Apple Multiple Products
Required Action: Apply updates per vendor instructions.
Exploitation References: https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-07-18
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://support.apple.com/kb/HT209106https://support.apple.com/kb/HT209107https://support.apple.com/kb/HT209108https://support.apple.com/kb/HT209139https://support.apple.com/kb/HT209106https://support.apple.com/kb/HT209107https://support.apple.com/kb/HT209108https://support.apple.com/kb/HT209139https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-4344
2019-04-03
Published
2022-06-27
Added to CISA KEV
Exploited in the wild