CVE-2018-4366
Published 2019-04-03
CVE-2018-4366: A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
Priority P3 55 · Severity: high · CVSS 3.0 base score 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit: EPSS 6.45% (92.9th percentile)
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 12.1 | 12.1 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
GHSA
GHSA-3x3v-84v2-gwh2: A memory corruption issue was addressed with improved input validation
ghsa_unreviewed · 2022-05-13 · CVE-2018-4366 · HIGH · CWE-119
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
Project Zero
Adventures in Video Conferencing Part 2: Fun with FaceTime - Project Zero
project_zero · 2018-12-01 · CVE-2018-4366
Posted by Natalie Silvanovich, Project Zero
FaceTime is Apple’s video conferencing application for iOS and Mac. It is closed source, and does not appear to use any third-party libraries for its core functionality. I wondered whether fuzzing the contents of FaceTime’s audio and video streams would lead to similar results as WebRTC.
Fuzzing Set-up
Philipp Hancke performed an excellent analysis of FaceTime’s architecture in 2015. It is similar to WebRTC, in that it exchanges signalling information in SDP format and then uses RTP for audio and video streams. Looking at the FaceTime implementation on a Mac, it seemed the bulk of the calling functionality of FaceTime is in a daemon called avconferenced. Opening up the binary that supports its functionality, AVConference in IDA, it contains
Apple
CVE-2018-4366: iOS 12.1
vendor_apple · 2018-10-30 · CVSS 7.5 · HIGH
Apple Security Update: About the security content of iOS 12.1
Product: iOS
Version: 12.1
CVE: CVE-2018-4366
Component: FaceTime
Impact: A remote attacker may be able to leak memory
Description: A memory corruption issue was addressed with improved input validation.
No detection rules found.