CVE-2018-4344

HIGH KEV

iPhone OS < 12.0 - Memory Corruption

Title source: llm

Exploitation Summary

CVE-2018-4344 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 27, 2022.

Description

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

References (5)

Core 5

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-4344

Release Notes, Vendor Advisory x_refsource_misc

https://support.apple.com/kb/HT209107

Release Notes, Vendor Advisory x_refsource_misc

https://support.apple.com/kb/HT209106

Release Notes, Vendor Advisory x_refsource_misc

https://support.apple.com/kb/HT209139

Release Notes, Vendor Advisory x_refsource_misc

https://support.apple.com/kb/HT209108

Scores

CVSS v3 7.8

EPSS 0.0018

EPSS Percentile 39.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-06-27

VulnCheck KEV 2022-06-23

InTheWild.io 2022-06-27

ENISA EUVD EUVD-2018-16130

CWE

CWE-119

Status published

Products (4)

apple/iphone_os < 12.0

apple/mac_os_x < 10.14

apple/tvos < 12.0

apple/watchos < 5.0

Published Apr 03, 2019

KEV Added Jun 27, 2022

Tracked Since Feb 18, 2026