⚠ Actively exploited
Added to CISA KEV on 2022-06-27. Federal agencies required to patch by 2022-07-18. Required action: Apply updates per vendor instructions..

CVE-2018-4344Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Tvos

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 60.51%
CISA KEV
KEV
Added 2022-06-27
Due 2022-07-18
Exploit
Exploited in wild
Active exploitation observed
Affected products
7
Apple Iphone OSApple MAC OS XApple Tvos+4 more
Timeline
PublishedApr 3
KEV addedJun 27
KEV dueJul 18
CISA Required Action: Apply updates per vendor instructions.

Description

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

Appleapple/macos_mojave10.14
NVDapple/tvos< 12.0
NVDapple/watchos< 5.0
NVDapple/mac_os_x< 10.14
Appleapple/tvos12

🔴Vulnerability Details

3
GHSA
GHSA-486c-fgp8-q4mj: A memory corruption issue was addressed with improved memory handling2022-05-14
Project0
A survey of recent iOS kernel exploits - Project Zero2020-06-01
VulnCheck
Apple Multiple Products Memory Corruption Vulnerability2018

📋Vendor Advisories

5
CISA
Apple Multiple Products Memory Corruption Vulnerability2022-06-27
Apple
CVE-2018-4344: macOS Mojave 10.142018-09-24
Apple
CVE-2018-4344: iOS 122018-09-17
Apple
CVE-2018-4344: tvOS 122018-09-17
Apple
CVE-2018-4344: watchOS 52018-09-17