{"api_version":"1","generated_at":"2026-07-05T23:17:35+00:00","cve":"CVE-2018-4154","urls":{"html":"https://cve.report/CVE-2018-4154","api":"https://cve.report/api/cve/CVE-2018-4154.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-4154","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-4154"},"summary":{"title":"CVE-2018-4154","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the \"Storage\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2018-04-03 06:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["CWE-362"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/103581","name":"103581","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securityfocus.com/bid/105273","name":"105273","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Opto 22 PAC Control CVE-2018-04154 Remote Stack Based Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1040608","name":"1040608","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Apple macOS/OS X Multiple Flaws Let Remote Users Bypass Security and Obtain Potentially Sensitive Information and Let Local Users Obtain Passwords and Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT208693","name":"https://support.apple.com/HT208693","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of iOS 11.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT208692","name":"https://support.apple.com/HT208692","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1040604","name":"1040604","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Spoof the User Interface, Remote and Local Users Bypass Security Restrictions and Obtain Potentially Sensitive Information, and Let Applications Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-4154","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-4154","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"4154","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4154","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4154","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4154","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"product-security@apple.com","ID":"CVE-2018-4154","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the \"Storage\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://support.apple.com/HT208692","refsource":"CONFIRM","url":"https://support.apple.com/HT208692"},{"name":"1040604","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1040604"},{"name":"103581","refsource":"BID","url":"http://www.securityfocus.com/bid/103581"},{"name":"https://support.apple.com/HT208693","refsource":"CONFIRM","url":"https://support.apple.com/HT208693"},{"name":"105273","refsource":"BID","url":"http://www.securityfocus.com/bid/105273"},{"name":"1040608","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1040608"}]}},"nvd":{"publishedDate":"2018-04-03 06:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["CWE-362"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH"},"exploitabilityScore":1,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.6},"severity":"HIGH","exploitabilityScore":4.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"11.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.13.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"4154","Ordinal":"120068","Title":"CVE-2018-4154","CVE":"CVE-2018-4154","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"4154","Ordinal":"1","NoteData":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the \"Storage\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"4154","Ordinal":"2","NoteData":"2018-04-03","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"4154","Ordinal":"3","NoteData":"2018-09-06","Type":"Other","Title":"Modified"}]}}}