PT-2018-16488 · Apple · Swift

Published

2018-06-08

Updated

2019-10-03

CVE-2018-4220

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Swift versions prior to 4.1.1 Security Update 2018-001

Description The issue involves the "Swift for Ubuntu" component and allows attackers to execute arbitrary code in a privileged context. This is possible because write and execute permissions are enabled during library loading.

Recommendations For versions prior to 4.1.1 Security Update 2018-001, update to Swift 4.1.1 Security Update 2018-001 to resolve the issue. As a temporary workaround, consider restricting the use of the "Swift for Ubuntu" component until the update is applied.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-4220

Affected Products

Swift

PT-2018-16488 · Apple · Swift

CVE-2018-4220

Weakness Enumeration

Related Identifiers

Affected Products

References · 4