CVE-2018-4185

HIGH

Apple iPhone OS < 11.3 - Information Disclosure

Description

In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.

Exploits (1)

nomisec WORKING POC 87 stars
by bazad · poc
https://github.com/bazad/x18-leak

References (4)

Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208696
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208692
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208693
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208698

Scores

CVSS v3 7.5
EPSS 0.0374
EPSS Percentile 88.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-200
Status published
Products (4)
apple/iphone_os < 11.3
apple/mac_os_x < 10.13.4
apple/tvos < 11.3
apple/watchos < 4.3
Published Jan 11, 2019
Tracked Since Feb 18, 2026