CVE-2018-4248

HIGH

Apple iPhone OS < 11.4.1 - Out-of-Bounds Read

Title source: rule

Description

An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.

Exploits (1)

nomisec WORKING POC 54 stars
by bazad · poc
https://github.com/bazad/xpc-string-leak

References (4)

Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT208937
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT208938
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT208935
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT208936

Scores

CVSS v3 7.5
EPSS 0.0267
EPSS Percentile 85.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-125
Status published
Products (4)
apple/iphone_os < 11.4.1
apple/mac_os_x < 10.13.6
apple/tvos < 11.4.1
apple/watchos < 4.3.2
Published Apr 03, 2019
Tracked Since Feb 18, 2026