CVE-2018-4237

HIGH EXPLOITED

Mac OS X libxpc MITM Privilege Escalation

Title source: metasploit

Description

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · macos
https://www.exploit-db.com/exploits/45916
metasploit WORKING POC EXCELLENT
by saelo · ruby · poc · osx
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/libxpc_mitm_ssudo.rb

Scores

CVSS v3 7.8
EPSS 0.6295
EPSS Percentile 98.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-07-30
Status published
Products (4)
apple/iphone_os < 11.4
apple/mac_os_x < 10.13.5
apple/tvos < 11.4
apple/watchos < 4.3.1
Published Jun 08, 2018
Tracked Since Feb 18, 2026