VAR-201904-1458
Vulnerability from variot - Updated: 2024-11-23 21:05A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Heimdal is one of the anti-malware components. A buffer error vulnerability exists in the Heimdal component of several Apple products. An attacker could exploit this vulnerability to execute arbitrary code with system privileges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2018-10-30-11 Additional information for APPLE-SA-2018-9-24-6 tvOS 12
tvOS 12 addresses the following:
Auto Unlock Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Bluetooth Available for: Apple TV (4th generation) Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham
CFNetwork Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
CoreFoundation Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018
CoreFoundation Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018
CoreText Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018
Grand Central Dispatch Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Entry added October 30, 2018
Heimdal Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad CVE-2018-4332: Brandon Azad CVE-2018-4343: Brandon Azad Entry added October 30, 2018
IOHIDFamily Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero Entry added October 30, 2018
IOKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero Entry added October 30, 2018
IOKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4383: Apple Entry added October 30, 2018
IOUserEthernet Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple Entry added October 30, 2018
iTunes Store Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2018-4399: Fabiano Anemone (@anoane) Entry added October 30, 2018
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. CVE-2018-4363: Ian Beer of Google Project Zero
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Entry added October 30, 2018
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4337: Ian Beer of Google Project Zero CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
Safari Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)
Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Entry added October 30, 2018
Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky
Symptom Framework Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018
Text Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Entry added October 30, 2018
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo) CVE-2018-4360: William Bowling (@wcbowling) Entry added October 30, 2018
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4197: Ivan Fratric of Google Project Zero CVE-2018-4306: Ivan Fratric of Google Project Zero CVE-2018-4312: Ivan Fratric of Google Project Zero CVE-2018-4314: Ivan Fratric of Google Project Zero CVE-2018-4315: Ivan Fratric of Google Project Zero CVE-2018-4317: Ivan Fratric of Google Project Zero CVE-2018-4318: Ivan Fratric of Google Project Zero
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious website may exfiltrate image data cross-origin Description: A cross-site scripting issue existed in Safari. CVE-2018-4345: an anonymous researcher
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4191: found by OSS-Fuzz
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by OSS-Fuzz
Additional recognition
Assets We would like to acknowledge Brandon Azad for their assistance.
Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.
Kernel We would like to acknowledge Brandon Azad for their assistance.
Sandbox Profiles We would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.
SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.
WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, and Zach Malone of CA Technologies for their assistance.
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About."
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HjHg/+ Lp4/41SoCVfRStv+eO69W8FCdq8K6+2n60F/pYwb7GlmF5H/Unon0k3PXdDyI/5V ZkaawvnThzMKS9k2kTb7wgnc8PSB8Ax4HGXBB5puo63L3dPk4fNeNNGOMynZaoKO i5MzFxji0nldu/Sgyv/zrdM2MKE2MAVGi2O5YH37PirPK84G4STxw7IFtrSEFGBN QiHbap8Bdjjny7Y1zSIk6CClU6YLpC0E1u8Y6KpmjHn/z4dfKFm9A+CkVuwxymDX RllmAWdDHU5/u93ZFdfEvnu8lFU4kxW4y0R6IJRjRHoouPI2eI5dwIGzxIv1CPea 1qN6QtRFfv9/JQyWotLFFUEDXrOIed9cVosqmJfUulQkq5a5UqcOWCW/HuQYOn9Y qd9EPPRS+lzlBQgFF/MBV1dxsp7WdZXPGnkiskzLMEt3CdOmvu2qx1Lc+6ErJZeI NX8n/CFc16aOS2ltsxx8hX1RWKQ+uZ4Fe4sDOry94wziTPfmAJ0HxR4cTf/KRWuF DuvZkpYyvGrGQmDB1FBWIIA3TP6zfhNtP6hIo5tLgnZb2HDHYcxO76nPKpGEiLiA KizL2ExA3Y5ePf4ZKVx4IGqZqhx0sYebHWgXBABu4MjpL7z4A26q05OVAJZf/icr ssYDTWsZCZr/yz9LEyNJiCWPwqpaAA2VQkMfW3nW/v0= =6KHo -----END PGP SIGNATURE----- .
Alternatively, on your watch, select "My Watch > General > About"
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-1458",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lt",
"trust": 1.8,
"vendor": "apple",
"version": "10.14"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (ipad air or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (iphone 5s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (ipod touch first 6 generation )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (apple tv 4k)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5 (apple watch series 1 or later )"
},
{
"model": "macos mojave",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.14 earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014995"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007762"
},
{
"db": "NVD",
"id": "CVE-2018-4343"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:watchos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014995"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "150119"
},
{
"db": "PACKETSTORM",
"id": "150113"
}
],
"trust": 0.2
},
"cve": "CVE-2018-4343",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-4343",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-134374",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-4343",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-4343",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-4343",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-140",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134374",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-4343",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134374"
},
{
"db": "VULMON",
"id": "CVE-2018-4343"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014995"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-140"
},
{
"db": "NVD",
"id": "CVE-2018-4343"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Apple From macOS An update for has been released.The potential impact depends on each vulnerability, but may be affected as follows: * Arbitrary code execution * information leak * Access restriction bypass. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Heimdal is one of the anti-malware components. A buffer error vulnerability exists in the Heimdal component of several Apple products. An attacker could exploit this vulnerability to execute arbitrary code with system privileges. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-10-30-11 Additional information for\nAPPLE-SA-2018-9-24-6 tvOS 12\n\ntvOS 12 addresses the following:\n\nAuto Unlock\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to access local users\nAppleIDs\nDescription: A validation issue existed in the entitlement\nverification. \nCVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. \n\nBluetooth\nAvailable for: Apple TV (4th generation)\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An input validation issue existed in Bluetooth. \nCVE-2018-5383: Lior Neumann and Eli Biham\n\nCFNetwork\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nCoreFoundation\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4412: The UK\u0027s National Cyber Security Centre (NCSC)\nEntry added October 30, 2018\n\nCoreFoundation\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4414: The UK\u0027s National Cyber Security Centre (NCSC)\nEntry added October 30, 2018\n\nCoreText\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2018-4347: an anonymous researcher\nEntry added October 30, 2018\n\nGrand Central Dispatch\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4426: Brandon Azad\nEntry added October 30, 2018\n\nHeimdal\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4331: Brandon Azad\nCVE-2018-4332: Brandon Azad\nCVE-2018-4343: Brandon Azad\nEntry added October 30, 2018\n\nIOHIDFamily\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation\nCVE-2018-4408: Ian Beer of Google Project Zero\nEntry added October 30, 2018\n\nIOKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4341: Ian Beer of Google Project Zero\nCVE-2018-4354: Ian Beer of Google Project Zero\nEntry added October 30, 2018\n\nIOKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2018-4383: Apple\nEntry added October 30, 2018\n\nIOUserEthernet\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4401: Apple\nEntry added October 30, 2018\n\niTunes Store\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An attacker in a privileged network position may be able to\nspoof password prompts in the iTunes Store\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2018-4305: Jerry Decime\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: An access issue existed with privileged API calls. This\nissue was addressed with additional restrictions. \nCVE-2018-4399: Fabiano Anemone (@anoane)\nEntry added October 30, 2018\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to read restricted memory\nDescription: An input validation issue existed in the kernel. \nCVE-2018-4363: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4407: Kevin Backhouse of Semmle Ltd. \nEntry added October 30, 2018\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4336: Brandon Azad\nCVE-2018-4337: Ian Beer of Google Project Zero\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\nCVE-2018-4344: The UK\u0027s National Cyber Security Centre (NCSC)\nCVE-2018-4425: cc working with Trend Micro\u0027s Zero Day Initiative,\nJuwei Lin (@panicaII) of Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nSafari\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A local user may be able to discover websites a user has\nvisited\nDescription: A consistency issue existed in the handling of\napplication snapshots. \nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert\nUlu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -\nAnkara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l\nUniversity, Metin Altug Karakaya of Kaliptus Medical Organization,\nVinodh Swami of Western Governor\u0027s University (WGU)\n\nSecurity\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A local user may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2018-4395: Patrick Wardle of Digita Security\nEntry added October 30, 2018\n\nSecurity\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: This issue was addressed by removing RC4. \nCVE-2016-1777: Pepi Zawodsky\n\nSymptom Framework\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro\u0027s Zero\nDay Initiative\nEntry added October 30, 2018\n\nText\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing a maliciously crafted text file may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4304: jianan.huang (@Sevck)\nEntry added October 30, 2018\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan\nTeam\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro\u0027s Zero\nDay Initiative\nCVE-2018-4323: Ivan Fratric of Google Project Zero\nCVE-2018-4328: Ivan Fratric of Google Project Zero\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with\nTrend Micro\u0027s Zero Day Initiative\nCVE-2018-4359: Samuel GroA (@5aelo)\nCVE-2018-4360: William Bowling (@wcbowling)\nEntry added October 30, 2018\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2018-4197: Ivan Fratric of Google Project Zero\nCVE-2018-4306: Ivan Fratric of Google Project Zero\nCVE-2018-4312: Ivan Fratric of Google Project Zero\nCVE-2018-4314: Ivan Fratric of Google Project Zero\nCVE-2018-4315: Ivan Fratric of Google Project Zero\nCVE-2018-4317: Ivan Fratric of Google Project Zero\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious website may exfiltrate image data cross-origin\nDescription: A cross-site scripting issue existed in Safari. \nCVE-2018-4345: an anonymous researcher\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Unexpected interaction causes an ASSERT failure\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4191: found by OSS-Fuzz\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious website may be able to execute scripts in the\ncontext of another website\nDescription: A cross-site scripting issue existed in Safari. \nCVE-2018-4309: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Unexpected interaction causes an ASSERT failure\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2018-4361: found by OSS-Fuzz\n\nAdditional recognition\n\nAssets\nWe would like to acknowledge Brandon Azad for their assistance. \n\nCore Data\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad for their assistance. \n\nSandbox Profiles\nWe would like to acknowledge Tencent Keen Security Lab working with\nTrend Micro\u0027s Zero Day Initiative for their assistance. \n\nSQLite\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nWebKit\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360\nVuclan team, and Zach Malone of CA Technologies for their assistance. \n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HjHg/+\nLp4/41SoCVfRStv+eO69W8FCdq8K6+2n60F/pYwb7GlmF5H/Unon0k3PXdDyI/5V\nZkaawvnThzMKS9k2kTb7wgnc8PSB8Ax4HGXBB5puo63L3dPk4fNeNNGOMynZaoKO\ni5MzFxji0nldu/Sgyv/zrdM2MKE2MAVGi2O5YH37PirPK84G4STxw7IFtrSEFGBN\nQiHbap8Bdjjny7Y1zSIk6CClU6YLpC0E1u8Y6KpmjHn/z4dfKFm9A+CkVuwxymDX\nRllmAWdDHU5/u93ZFdfEvnu8lFU4kxW4y0R6IJRjRHoouPI2eI5dwIGzxIv1CPea\n1qN6QtRFfv9/JQyWotLFFUEDXrOIed9cVosqmJfUulQkq5a5UqcOWCW/HuQYOn9Y\nqd9EPPRS+lzlBQgFF/MBV1dxsp7WdZXPGnkiskzLMEt3CdOmvu2qx1Lc+6ErJZeI\nNX8n/CFc16aOS2ltsxx8hX1RWKQ+uZ4Fe4sDOry94wziTPfmAJ0HxR4cTf/KRWuF\nDuvZkpYyvGrGQmDB1FBWIIA3TP6zfhNtP6hIo5tLgnZb2HDHYcxO76nPKpGEiLiA\nKizL2ExA3Y5ePf4ZKVx4IGqZqhx0sYebHWgXBABu4MjpL7z4A26q05OVAJZf/icr\nssYDTWsZCZr/yz9LEyNJiCWPwqpaAA2VQkMfW3nW/v0=\n=6KHo\n-----END PGP SIGNATURE-----\n. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4343"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014995"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007762"
},
{
"db": "VULHUB",
"id": "VHN-134374"
},
{
"db": "VULMON",
"id": "CVE-2018-4343"
},
{
"db": "PACKETSTORM",
"id": "150119"
},
{
"db": "PACKETSTORM",
"id": "150113"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4343",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU99356481",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU93341447",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014995",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007762",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-140",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-134374",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-4343",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150119",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150113",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134374"
},
{
"db": "VULMON",
"id": "CVE-2018-4343"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014995"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007762"
},
{
"db": "PACKETSTORM",
"id": "150119"
},
{
"db": "PACKETSTORM",
"id": "150113"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-140"
},
{
"db": "NVD",
"id": "CVE-2018-4343"
}
]
},
"id": "VAR-201904-1458",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-134374"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:05:22.855000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT209139",
"trust": 1.6,
"url": "https://support.apple.com/en-us/HT209139"
},
{
"title": "HT209106",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209106"
},
{
"title": "HT209107",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209107"
},
{
"title": "HT209108",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT209108"
},
{
"title": "HT209106",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209106"
},
{
"title": "HT209107",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209107"
},
{
"title": "HT209108",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209108"
},
{
"title": "HT209139",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT209139"
},
{
"title": "Multiple Apple product Heimdal Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91063"
},
{
"title": "macOS-iOS-system-security",
"trust": 0.1,
"url": "https://github.com/houjingyi233/macOS-iOS-system-security "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/PoC-in-GitHub "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/PoC-in-GitHub "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-4343"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014995"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007762"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-140"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134374"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014995"
},
{
"db": "NVD",
"id": "CVE-2018-4343"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht209106"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht209107"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht209108"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht209139"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4343"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4343"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93341447/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99356481/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99356481/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4203"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4336"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4305"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4191"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4344"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4332"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4340"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4126"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4313"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4331"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4341"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4299"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4337"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2018/nov/15"
},
{
"trust": 0.1,
"url": "https://github.com/houjingyi233/macos-ios-system-security"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4323"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4309"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4315"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4316"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4306"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4328"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4314"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4321"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4319"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4311"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4354"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4399"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4395"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4347"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4363"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134374"
},
{
"db": "VULMON",
"id": "CVE-2018-4343"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014995"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007762"
},
{
"db": "PACKETSTORM",
"id": "150119"
},
{
"db": "PACKETSTORM",
"id": "150113"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-140"
},
{
"db": "NVD",
"id": "CVE-2018-4343"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-134374"
},
{
"db": "VULMON",
"id": "CVE-2018-4343"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014995"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007762"
},
{
"db": "PACKETSTORM",
"id": "150119"
},
{
"db": "PACKETSTORM",
"id": "150113"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-140"
},
{
"db": "NVD",
"id": "CVE-2018-4343"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-134374"
},
{
"date": "2019-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4343"
},
{
"date": "2019-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014995"
},
{
"date": "2018-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007762"
},
{
"date": "2018-10-31T16:17:40",
"db": "PACKETSTORM",
"id": "150119"
},
{
"date": "2018-10-31T16:10:19",
"db": "PACKETSTORM",
"id": "150113"
},
{
"date": "2019-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-140"
},
{
"date": "2019-04-03T18:29:09.080000",
"db": "NVD",
"id": "CVE-2018-4343"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-134374"
},
{
"date": "2019-04-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4343"
},
{
"date": "2019-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014995"
},
{
"date": "2018-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007762"
},
{
"date": "2019-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-140"
},
{
"date": "2024-11-21T04:07:13.930000",
"db": "NVD",
"id": "CVE-2018-4343"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-140"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Memory corruption vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014995"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-140"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.