CVE-2018-4241

EUVD-2018-16027
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
appleapple_tv
𝑥
< 11.4
appleiphone_os
𝑥
< 11.4
applemac_os_x
𝑥
< 10.13.5
applewatchos
𝑥
< 4.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1041027
https://bugs.chromium.org/p/project-zero/issues/detail?id=1558
https://support.apple.com/HT208848
https://support.apple.com/HT208849
https://support.apple.com/HT208850
https://support.apple.com/HT208851
https://www.exploit-db.com/exploits/44849/
http://www.securitytracker.com/id/1041027
https://bugs.chromium.org/p/project-zero/issues/detail?id=1558
https://support.apple.com/HT208848
https://support.apple.com/HT208849
https://support.apple.com/HT208850
https://support.apple.com/HT208851
https://www.exploit-db.com/exploits/44849/