Vulnerability-Lookup

CNVD-2018-26494

Vulnerability from cnvd - Published: 2018-12-26

Title

Apple iOS Kernel组件内存错误引用漏洞

Description

Apple iOS是美国苹果（Apple）公司为移动设备所开发的一套操作系统。Kernel是其中的一个内核组件。 Apple iOS Kernel组件中存在内存错误引用漏洞。目前没有详细的漏洞细节提供。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.apple.com/

Reference

https://packetstormsecurity.com/files/149870/iOS-Kernel-Personas-Use-After-Free.html

Impacted products

Name
Apple iOS

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4337",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4337"
    }
  },
  "description": "Apple iOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Kernel\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5185\u6838\u7ec4\u4ef6\u3002\n\nApple iOS Kernel\u7ec4\u4ef6\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "discovererName": "ianbeer",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.apple.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-26494",
  "openTime": "2018-12-26",
  "products": {
    "product": "Apple  iOS"
  },
  "referenceLink": "https://packetstormsecurity.com/files/149870/iOS-Kernel-Personas-Use-After-Free.html",
  "serverity": "\u9ad8",
  "submitTime": "2018-10-23",
  "title": "Apple iOS Kernel\u7ec4\u4ef6\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e"
}

CVE-2018-4337 (GCVE-0-2018-4337)

Vulnerability from cvelistv5 – Published: 2019-04-03 17:43 – Updated: 2024-08-05 05:11

Summary

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

Severity

No CVSS data available.

CWE

An application may be able to execute arbitrary code with kernel privileges

Assigner

apple

References

4 references

URL	Tags
https://support.apple.com/kb/HT209107	x_refsource_MISC
https://support.apple.com/kb/HT209106	x_refsource_MISC
https://support.apple.com/kb/HT209139	x_refsource_MISC
https://support.apple.com/kb/HT209108	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	iOS, macOS, tvOS, watchOS	Affected: Versions prior to: iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:11:22.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209107"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209106"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209139"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209108"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS, macOS, tvOS, watchOS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to: iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An application may be able to execute arbitrary code with kernel privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-03T17:43:15.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209107"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209106"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209139"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209108"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2018-4337",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS, macOS, tvOS, watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions prior to: iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "An application may be able to execute arbitrary code with kernel privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/kb/HT209107",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209107"
            },
            {
              "name": "https://support.apple.com/kb/HT209106",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209106"
            },
            {
              "name": "https://support.apple.com/kb/HT209139",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209139"
            },
            {
              "name": "https://support.apple.com/kb/HT209108",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209108"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2018-4337",
    "datePublished": "2019-04-03T17:43:15.000Z",
    "dateReserved": "2018-01-02T00:00:00.000Z",
    "dateUpdated": "2024-08-05T05:11:22.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-26494

CVE-2018-4337 (GCVE-0-2018-4337)

Tags

Sightings

Nomenclature