CVE-2018-4154
Summary
| CVE | CVE-2018-4154 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-04-03 06:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
Risk And Classification
Problem Types: CWE-362
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 103581 | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Opto 22 PAC Control CVE-2018-04154 Remote Stack Based Buffer Overflow Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Apple macOS/OS X Multiple Flaws Let Remote Users Bypass Security and Obtain Potentially Sensitive Information and Let Local Users Obtain Passwords and Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| About the security content of iOS 11.3 - Apple Support | CONFIRM | support.apple.com | Vendor Advisory |
| About the security content of macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan - Apple Support | CONFIRM | support.apple.com | Vendor Advisory |
| Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Spoof the User Interface, Remote and Local Users Bypass Security Restrictions and Obtain Potentially Sensitive Information, and Let Applications Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.