PT-2018-1975 · Apple · XNU Kernel
Kevin Backhouse · Published 2018-10-30 · Updated 2023-06-12 · CVE-2018-4407
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
iOS versions prior to 12
macOS versions prior to 10.14
tvOS versions prior to 12
watchOS versions prior to 5
Description
A memory corruption issue was addressed with improved validation. The issue is related to a heap-based buffer overflow in the XNU kernel's ICMP packet processing module in the iOS and macOS operating systems. This could allow a remote attacker to execute arbitrary code using specially crafted ICMP packets.
Recommendations
For iOS versions prior to 12, update to iOS 12 or later.
For macOS versions prior to 10.14, update to macOS 10.14 or later.
For tvOS versions prior to 12, update to tvOS 12 or later.
For watchOS versions prior to 5, update to watchOS 5 or later.
Exploit
Fix
Buffer Overflow
Heap Based Buffer Overflow
Affected Products
XNU Kernel
iOS
Apple macOS
tvOS
watchOS