CVE-2018-4150
Severity: HIGH
iPhone OS < 11.3, macOS < 10.13.4, tvOS < 11.3, watchOS < 4.3 - Kernel Memory Corruption via Crafted App
Title source: llm
Exploitation Summary
EIP tracks 3 public exploits for CVE-2018-4150. PoCs published by Jailbreaks, littlelailo, mirdhan.
AI-analyzed exploit summary
This PoC exploits a race condition in XNU's BSD Packet Filter (BPF) implementation (CVE-2018-4150): by racing the BIOCSDLT and BIOCSBLEN ioctls against each other it reaches a kernel buffer overflow, which is then triggered by sending a crafted packet. It targets iOS up to 11.2.6, the last release before the 11.3 fix. Note that this is a local primitive (the CVSS vector is AV:L): the attacker needs code already running on the device, which is the "crafted app" in the description below.
Description
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Exploits (3)
1. Exploits the BIOCSDLT/BIOCSBLEN race in the BPF implementation to reach a kernel buffer overflow; targets iOS up to 11.2.6 and triggers the overflow with a crafted packet (summarized above).
2. The repository contains an incomplete exploit for CVE-2018-4150 targeting iOS. The exploit.c file is a stub with minimal code, and the README states that the project is unfinished and non-functional.
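The two summaries above describe the bug class but not its shape. The following is an added illustration, written for this page and not code from XNU or from any of the listed PoCs: a userland model of a race in which one ioctl changes a descriptor's buffer-length field while another ioctl temporarily clears the state that the length-change check relies on, so the recorded length ends up larger than the buffer actually allocated, and the packet path then trusts the stale length. The names (`model_setblen`, `model_setdlt`, `model_catchpacket`, `run_scenario`) are model names, and the detach/reattach shape of the DLT switch is an assumption of the model; the page does not state the kernel-side mechanism. The model never performs the out-of-bounds write; it reports whether one would happen.

```c
/* Added userland model of the ioctl race class (not XNU code, not a PoC).
 * Assumption: the DLT switch is modelled as detach + reattach, opening a
 * window in which a length-change ioctl passes its "not attached" check. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of a packet-filter descriptor. */
struct bpf_d_model {
    uint8_t *buf;        /* store buffer, allocated at attach time */
    size_t   alloc_len;  /* real length of buf (tracked by the model) */
    size_t   bufsize;    /* length the descriptor believes buf has */
    int      attached;   /* non-zero once an interface is attached */
};

enum { DEFAULT_BLEN = 4096, MAX_BLEN = 1 << 20 };

/* Model of BIOCSBLEN: only allowed while no interface is attached. */
static int model_setblen(struct bpf_d_model *d, size_t n)
{
    if (d->attached)
        return -1;
    d->bufsize = n > MAX_BLEN ? MAX_BLEN : n;
    return 0;
}

/* Model of BIOCSETIF: allocate the store buffer at the current bufsize. */
static int model_setif(struct bpf_d_model *d)
{
    if (d->attached)
        return 0;
    d->buf = malloc(d->bufsize);
    if (!d->buf)
        return -1;
    d->alloc_len = d->bufsize;
    d->attached = 1;
    return 0;
}

/* Model of BIOCSDLT as detach + reattach (assumption). 'interleaved' stands in
 * for a concurrent ioctl landing inside the window; the buffer is not reallocated. */
static void model_setdlt(struct bpf_d_model *d, void (*interleaved)(struct bpf_d_model *))
{
    d->attached = 0;
    if (interleaved)
        interleaved(d);
    d->attached = 1;
}

/* Packet path that trusts bufsize. Returns 1 if the copy would run past the
 * real allocation (an overflow), 0 if the packet was stored safely. */
static int model_catchpacket(struct bpf_d_model *d, const uint8_t *pkt, size_t len)
{
    size_t n = len > d->bufsize ? d->bufsize : len;
    if (n > d->alloc_len)
        return 1;           /* refuse to overflow; just report it */
    memcpy(d->buf, pkt, n);
    return 0;
}

/* Hardened packet path: bounds against the real allocation, which is what
 * bufsize would equal if the two ioctls were serialized under one lock. */
static int model_catchpacket_hardened(struct bpf_d_model *d, const uint8_t *pkt, size_t len)
{
    size_t n = len > d->alloc_len ? d->alloc_len : len;
    memcpy(d->buf, pkt, n);
    return 0;
}

/* The racing ioctl: grow the believed length during the DLT window. */
static void racing_setblen(struct bpf_d_model *d)
{
    model_setblen(d, MAX_BLEN);   /* succeeds because attached == 0 here */
}

/* Returns 1 if the scenario ends in an overflow, 0 if not, -1 on model error. */
int run_scenario(int race, int hardened)
{
    struct bpf_d_model d = { 0 };
    static uint8_t pkt[MAX_BLEN];           /* constructed oversized packet */
    memset(pkt, 0x41, sizeof pkt);

    if (model_setblen(&d, DEFAULT_BLEN) != 0 || model_setif(&d) != 0)
        return -1;
    if (model_setblen(&d, MAX_BLEN) == 0)   /* after attach this must fail */
        return -1;
    model_setdlt(&d, race ? racing_setblen : NULL);

    int ovf = hardened ? model_catchpacket_hardened(&d, pkt, sizeof pkt)
                       : model_catchpacket(&d, pkt, sizeof pkt);
    free(d.buf);
    return ovf;
}

int main(void)
{
    printf("no race:          overflow=%d\n", run_scenario(0, 0));
    printf("race, unhardened: overflow=%d\n", run_scenario(1, 0));
    printf("race, hardened:   overflow=%d\n", run_scenario(1, 1));
    return 0;
}
```

The point of the hardened variant is not the specific bound it uses but that the packet path and the two ioctls must agree on one length under one lock; checking against `alloc_len` only works in the model because the model keeps that field honest.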
References (6)
Scores
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (base score 7.8, High)