CVE-2018-4237
CVE-2018-4237
Vexday Risk Score
65High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 13.9%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
15 Mar 2018Metasploit module available
08 Jun 2018Published on NVD
29 Nov 2018Public PoC
Weaponization speed
173 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/45916/unverifiedexploitdbwww.exploit-db.com/exploits/45916unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.