CVE-2018-4407

HIGH

iPhone OS < 12.0 - Memory Corruption via ICMP Error Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 18 public exploits for CVE-2018-4407. PoCs published by Pa55w0rd, unixpickle, r3dxpl0it.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2018-4407, a remote kernel heap overflow vulnerability in iOS and macOS. The exploit sends maliciously crafted IP packets with specific options to trigger a denial-of-service (DoS) condition on vulnerable devices.

Description

A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

Exploits (18)

nomisec WORKING POC 60 stars
by Pa55w0rd · poc
https://github.com/Pa55w0rd/check_icmp_dos

This repository contains a proof-of-concept exploit for CVE-2018-4407, a remote kernel heap overflow vulnerability in iOS and macOS. The exploit sends maliciously crafted IP packets with specific options to trigger a denial-of-service (DoS) condition on vulnerable devices.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apple iOS <= 11, macOS High Sierra <= 10.13.6, macOS Sierra <= 10.12.6, OS X El Capitan and earlier
No auth needed
Prerequisites: Network access to the target device (same Wi-Fi network) · Scapy library installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 48 stars
by unixpickle · poc
https://github.com/unixpickle/cve-2018-4407

This PoC exploits CVE-2018-4407, a DoS vulnerability in macOS and iOS devices by sending maliciously crafted ICMP packets with invalid IP options. The exploit triggers a kernel panic due to improper handling of IP options in the XNU kernel.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Apple macOS and iOS (pre-late 2018)
No auth needed
Prerequisites: Network access to the target device · Knowledge of the target's IP address
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 34 stars
by r3dxpl0it · poc
https://github.com/r3dxpl0it/CVE-2018-4407

This repository contains a Python-based exploit for CVE-2018-4407, a heap buffer overflow vulnerability in the XNU kernel affecting iOS and macOS. The exploit sends malformed TCP packets to trigger a denial-of-service (DoS) condition on vulnerable systems.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Apple XNU kernel (iOS and macOS)
No auth needed
Prerequisites: Network access to target systems · Python environment with Scapy and Nmap libraries
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 25 stars
by farisv · poc
https://github.com/farisv/AppleDOS

This PoC exploits CVE-2018-4407, a heap overflow vulnerability in Apple's XNU kernel caused by malformed ICMP error messages. It sends crafted TCP packets with oversized options to trigger a denial-of-service (DoS) on vulnerable Apple devices.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apple iOS (≤11), macOS High Sierra (≤10.13.6), macOS Sierra (≤10.12.6), OS X El Capitan and earlier
No auth needed
Prerequisites: Network access to target devices · Python 3 with Scapy · Root/administrative privileges for raw packet sending
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 14 stars
by zteeed · poc
https://github.com/zteeed/CVE-2018-4407-IOS

This PoC exploits a heap buffer overflow in the XNU kernel's ICMP packet handling (CVE-2018-4407) to trigger a kernel crash and reboot on iOS/macOS devices. It scans the local network and sends malformed ICMP packets to vulnerable hosts.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Apple XNU kernel (iOS/macOS)
No auth needed
Prerequisites: Root privileges · Network access to target devices
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 13 stars
by WyAtu · poc
https://github.com/WyAtu/CVE-2018-4407

This PoC exploits CVE-2018-4407, a kernel crash vulnerability in iOS/macOS, by sending malformed IP packets with crafted IPOption and TCP options to trigger a denial-of-service (DoS) condition. The script includes ping scanning and multi-threading for targeting multiple hosts.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Apple iOS/macOS kernel (versions affected by CVE-2018-4407)
No auth needed
Prerequisites: Network access to target device · Target device must be vulnerable to CVE-2018-4407
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 10 stars
by SamDecrock · poc
https://github.com/SamDecrock/node-cve-2018-4407

This PoC exploits CVE-2018-4407, a remote kernel heap overflow in Apple's XNU kernel, by sending malformed IP packets with crafted TCP options. It targets iOS and macOS devices, causing a denial-of-service (DoS) condition.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Apple XNU kernel (iOS 11 and earlier, macOS)
No auth needed
Prerequisites: Network access to the target device · Node.js environment with raw-socket and ip modules
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 6 stars
by pwnhacker0x18 · poc
https://github.com/pwnhacker0x18/iOS-Kernel-Crash

This PoC exploits a heap buffer overflow in the XNU kernel (CVE-2018-4407) by sending malformed IP packets with oversized options to trigger a kernel crash and device reboot. It targets iOS and macOS devices via network packets to ports 62078 and 2323.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apple XNU kernel (iOS 12 and macOS)
No auth needed
Prerequisites: Network access to target device · Scapy library installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 5 stars
by anonymouz4 · poc
https://github.com/anonymouz4/Apple-Remote-Crash-Tool-CVE-2018-4407

This repository contains a Python-based tool that exploits CVE-2018-4407, a heap buffer overflow vulnerability in Apple devices. It sends a malicious ICMP packet to crash macOS High Sierra or iOS 11 devices on the same WiFi network.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apple iOS 11 and earlier, macOS High Sierra up to 10.13.6, macOS Sierra up to 10.12.6, OS X El Capitan and earlier
No auth needed
Prerequisites: MacOS with Python and Scapy installed · Target device on the same WiFi network
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by zeng9t · poc
https://github.com/zeng9t/CVE-2018-4407-iOS-exploit

This exploit targets CVE-2018-4407, a heap buffer overflow in the XNU kernel's networking code, affecting iOS and macOS. It crafts malicious TCP packets with oversized options to trigger a denial-of-service (DoS) condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Apple XNU kernel (iOS 11.2.6, macOS High Sierra 10.13.6)
No auth needed
Prerequisites: Network access to target devices · Scapy library installed · Root/sudo privileges for raw packet sending
devstral-2 · analyzed Feb 16, 2026 Full analysis →
github WORKING POC 1 stars
by vaishakhcv · perlpoc
https://github.com/vaishakhcv/CVE-exploits/tree/master/CVE-2018-4407

The repository contains a functional exploit script for CVE-2018-4407, which targets a buffer overflow vulnerability in the Apple macOS kernel. The script uses Scapy to send crafted IP packets with malformed options to trigger the vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Apple macOS kernel (versions prior to macOS High Sierra 10.13.4)
No auth needed
Prerequisites: Scapy installed · sudo privileges · target IP address
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC 1 stars
by lucagiovagnoli · poc
https://github.com/lucagiovagnoli/CVE-2018-4407

This PoC exploits CVE-2018-4407, a buffer overflow in the XNU kernel's ICMP error handling, causing a DoS on iOS/macOS devices via malformed IP/TCP packets. The script uses Scapy to craft packets with specific header lengths and options to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Apple XNU kernel (iOS/macOS)
No auth needed
Prerequisites: Network access to target device · Scapy and Nmap installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by s2339956 · poc
https://github.com/s2339956/check_icmp_dos-CVE-2018-4407-

This PoC exploits CVE-2018-4407, a DoS vulnerability in Apple's XNU kernel by sending malformed ICMP packets with oversized options, causing a crash in macOS and iOS devices. The script uses Scapy to craft and send these packets.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apple macOS (up to 10.13.6), iOS (up to 11.x)
No auth needed
Prerequisites: Scapy library · Network access to target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
gitlab WORKING POC
by aiastia079 · poc
https://gitlab.com/aiastia079/check_icmp_dos

This repository contains a functional PoC for CVE-2018-4407, a remote kernel heap overflow in iOS/macOS. The exploit sends malformed ICMP packets with crafted IP and TCP options to trigger a DoS condition.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apple iOS (up to 12) and macOS (up to 10.13.6)
No auth needed
Prerequisites: Same network access as the target · Scapy library installed
devstral-2 · analyzed Feb 23, 2026 Full analysis →
nomisec WORKING POC
by szabo-tibor · poc
https://github.com/szabo-tibor/CVE-2018-4407

This PoC exploits CVE-2018-4407, a denial-of-service vulnerability in Apple's macOS and iOS, by sending a malformed IP packet with crafted options to trigger a kernel panic. The exploit uses Scapy to construct and send the packet to the target.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apple macOS (up to 10.13.3) and iOS (up to 11.2.5)
No auth needed
Prerequisites: Network access to the target · Scapy library installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
github WORKING POC
by winterwolf32 · perlpoc
https://github.com/winterwolf32/CVE_Exploits-/tree/master/CVE-2018-4407

The repository contains a functional exploit script for CVE-2018-4407, which targets a denial-of-service (DoS) vulnerability in Apple's macOS and iOS. The script uses Scapy to send malformed IP packets with crafted options to trigger the vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Apple macOS and iOS (versions affected by CVE-2018-4407)
No auth needed
Prerequisites: Scapy installed · sudo privileges · network access to target
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC
by Fans0n-Fan · poc
https://github.com/Fans0n-Fan/CVE-2018-4407

This PoC exploits CVE-2018-4407, a kernel crash vulnerability in Apple's ICMP packet-handling code, by sending malformed ICMP packets with crafted IP and TCP options to trigger an out-of-bounds write, resulting in a DoS condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apple iOS 11.0, 11.2, 11.3.1
No auth needed
Prerequisites: Network access to the target device · Scapy library installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by 5431 · poc
https://github.com/5431/CVE-2018-4407

This PoC exploits CVE-2018-4407, an ICMP-based DoS vulnerability in Apple's XNU kernel. It sends malformed ICMP packets with oversized IP options to trigger a denial-of-service condition on vulnerable systems.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apple XNU kernel (macOS and iOS)
No auth needed
Prerequisites: Scapy library · Network access to target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 8.8
EPSS 0.2201
EPSS Percentile 97.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (4)
apple/iphone_os < 12.0
apple/mac_os_x < 10.14
apple/tvos < 12
apple/watchos < 5.0
Published Apr 03, 2019
Tracked Since Feb 18, 2026