CVE-2018-4327

HIGH

iPhone OS < 11.4.1 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-4327. PoCs published by omerporze, harryanon.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2018-4327, targeting iOS Bluetooth services to manipulate the program counter (PC) register on SpringBoard and related services. The exploit requires user interaction (Bluetooth settings manipulation) and is based on prior research by @SparkZheng and @raniXCH.

Description

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1.

Exploits (2)

nomisec WORKING POC 42 stars
by omerporze · poc
https://github.com/omerporze/brokentooth

This repository contains a proof-of-concept exploit for CVE-2018-4327, targeting iOS Bluetooth services to manipulate the program counter (PC) register on SpringBoard and related services. The exploit requires user interaction (Bluetooth settings manipulation) and is based on prior research by @SparkZheng and @raniXCH.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Complex
Reliability
Racy
Target: iOS 11.3.1 (tested on iPhone 6S, likely up to 11.4)
No auth needed
Prerequisites: Physical access to the device · Bluetooth settings manipulation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP 1 stars
by harryanon · poc
https://github.com/harryanon/POC-CVE-2018-4327-and-CVE-2018-4330

This repository contains a writeup and references for a PoC targeting CVE-2018-4327, a vulnerability affecting iOS Bluetooth services. It describes an exploit that allows setting the ARM program counter (PC) register to an arbitrary value in SpringBoard and related services, tested on iPhone 6S running iOS 11.3.1.

Classification
Writeup 90%
Attack Type
Other
Complexity
Complex
Reliability
Theoretical
Target: iOS 11.3.1 - 11.4 (Bluetooth services)
No auth needed
Prerequisites: Physical access to the device · Bluetooth settings manipulation · Preparation of Mach messages
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT208938

Scores

CVSS v3 7.8
EPSS 0.0233
EPSS Percentile 81.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
apple/iphone_os < 11.4.1
Published Apr 03, 2019
Tracked Since Feb 18, 2026