CVE-2018-4302
HIGHApple iCloud < 7.0 - Denial of Service via Malicious XML Processing
Title source: llmDescription
A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT208144
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT208112
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT208115
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT208141
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT208142
Scores
CVSS v3
7.8
EPSS
0.0092
EPSS Percentile
55.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-476
Status
published
Products (5)
apple/icloud
< 7.0
apple/iphone_os
< 11
apple/itunes
< 12.7
apple/mac_os_x
< 10.13
apple/watchos
< 4
Published
Dec 23, 2021
Tracked Since
Feb 18, 2026