← back
CVE-2018-4344

CVE-2018-4344

CVSS 7.8 HIGHEPSS 2.9%● KEVCWE-119
Vexday Risk Score
51Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 2.9%KEV simPoC Nuclei Metasploit Patch
Lifecycle
03 Apr 2019Published on NVD
27 Jun 2022Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A memory corruption vulnerability in Apple devices allowed attackers to crash applications or potentially execute code by exploiting improper memory handling. This affected older versions of iOS, macOS, tvOS, and watchOS.

Technical detail

Out-of-bounds memory access (CWE-119) in Apple operating systems prior to iOS 12, macOS Mojave 10.14, tvOS 12, and watchOS 5. The vulnerability required local or network-based interaction depending on context, potentially enabling denial of service or arbitrary code execution through crafted input triggering unsafe memory operations.

Summary generated and translated by AI from the official description.
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · iOS, macOS, tvOS, watchOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.apple.com/kb/HT209106https://support.apple.com/kb/HT209107https://support.apple.com/kb/HT209108https://support.apple.com/kb/HT209139https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-4344