CVE-2018-4083

HIGH

macOS < 10.13.3 - Memory Corruption and Remote Code Execution in Touch Bar Support

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-4083. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a race condition in AppleEmbeddedOSSupportHostClient::registerNotificationPort, leading to a use-after-free (UAF) vulnerability. By calling IOConnectSetNotificationPort in parallel threads, it triggers a double-free on a Mach port, achieving root-to-kernel privilege escalation.

Description

An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Touch Bar Support" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · cdosmacos
https://www.exploit-db.com/exploits/44007

This exploit demonstrates a race condition in AppleEmbeddedOSSupportHostClient::registerNotificationPort, leading to a use-after-free (UAF) vulnerability. By calling IOConnectSetNotificationPort in parallel threads, it triggers a double-free on a Mach port, achieving root-to-kernel privilege escalation.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: AppleEmbeddedOSSupportHost.kext (macOS kernel extension)
Auth required
Prerequisites: Root access · MacBook Pro with Touch Bar · AppleEmbeddedOSSupportHost.kext loaded
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208465
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44007/

Scores

CVSS v3 7.8
EPSS 0.0078
EPSS Percentile 74.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
apple/mac_os_x < 10.13.3
Published Apr 03, 2018
Tracked Since Feb 18, 2026