CVE-2018-4243

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
appleapple_tv
𝑥
< 11.4
appleiphone_os
𝑥
< 11.4
applemac_os_x
𝑥
< 10.13.5
applewatchos
𝑥
< 4.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1041027
https://bugs.chromium.org/p/project-zero/issues/detail?id=1564
https://support.apple.com/HT208848
https://support.apple.com/HT208849
https://support.apple.com/HT208850
https://support.apple.com/HT208851
https://www.exploit-db.com/exploits/44848/
http://www.securitytracker.com/id/1041027
https://bugs.chromium.org/p/project-zero/issues/detail?id=1564
https://support.apple.com/HT208848
https://support.apple.com/HT208849
https://support.apple.com/HT208850
https://support.apple.com/HT208851
https://www.exploit-db.com/exploits/44848/