← back
CVE-2018-4237

CVE-2018-4237

EPSS 13.9%◆ VulnCheck KEV
Vexday Risk Score
65High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 13.9%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
15 Mar 2018Metasploit module available
08 Jun 2018Published on NVD
29 Nov 2018Public PoC
Weaponization speed
173 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.