CVE-2018-4431

MEDIUM

iPhone OS < 12.1.1 - Unprotected User Data Exposure via Memory Initialization Issue


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-4431. PoCs published by ktiOSz.

AI-analyzed exploit summary: This PoC exploits a race condition in iOS 12 to iOS 12.1 (CVE-2018-4431) by leveraging the `thread_selfcounts` and `task_inspect` functions to leak kernel memory addresses. The exploit uses multiple threads to trigger the race condition and dump kernel memory contents.

Description

A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

Exploits (1)

nomisec WORKING POC 4 stars
by ktiOSz · poc
https://github.com/ktiOSz/PoC_iOS12

Classification: Working PoC (90%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Racy
Target: Apple iOS 12 to 12.1
Authentication: No auth needed
Prerequisites: iOS device running iOS 12 to 12.1 · Physical or local access to the device
Analyzed by devstral-2 · Feb 16, 2026

References (4)

Core References (4)
Vendor Advisory: https://support.apple.com/kb/HT209343
Vendor Advisory: https://support.apple.com/kb/HT209342
Vendor Advisory: https://support.apple.com/kb/HT209340
Vendor Advisory: https://support.apple.com/kb/HT209341

Scores

CVSS v3: 5.5
EPSS: 0.0198
EPSS Percentile: 83.8%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-200
Status: published
Products (4):
apple/iphone_os < 12.1.1
apple/mac_os_x < 10.14.2
apple/tvos < 12.1.1
apple/watchos < 5.1.2
Published: Apr 03, 2019
Tracked Since: Feb 18, 2026