CVE-2018-4344
published 2019-04-03

CVE-2018-4344: A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

Priority: P279 high
CVSS 3.1: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
KEV: CISA Known Exploited Vulnerability, due 2022-07-18
ITW: Exploited in the wild
EPSS: 2.92% (85.3th percentile)

Affected

8 ranges
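| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| apple | ios | | |
| apple | iphone_os | < 12.0 | 12.0 |
| apple | mac_os_x | < 10.14 | 10.14 |
| apple | macos_mojave | | |
| apple | tvos | < 12.0 | 12.0 |
| apple | tvos | | |
| apple | watchos | < 5.0 | 5.0 |
| apple | watchos_5 | | |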

Detection & IOCs (extracted from sources)

  • Vulnerability resides in the Kernel component; monitor for applications attempting to execute arbitrary code with kernel privileges on Apple platforms (iOS, macOS, tvOS, watchOS)
  • Affected versions: iOS prior to 12, macOS prior to Mojave 10.14, tvOS prior to 12, watchOS prior to 5. Patch by applying vendor updates.
  • CISA KEV listed; this vulnerability has been actively exploited in the wild. Remediation was required by 2022-07-18.

CVSS provenance

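| Source | Version | Score | Severity | Vector |
|--------|---------|-------|----------|--------|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | | 7.8 | HIGH | |
| cisa | | 7.8 | HIGH | |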