CVE-2018-4094: Buffer Overflow
First published: Tue Apr 03 2018(Updated: )
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Apple Tv | <11.2.5 | |
| Apple iPhone OS | <11.2.5 | |
| Apple Mac OS X | <10.13.3 | |
| Apple watchOS | <4.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability identifier for this issue?
The vulnerability identifier for this issue is CVE-2018-4094.
Which Apple products are affected by this vulnerability?
This vulnerability affects certain Apple products, including Apple iPhone OS before 11.2.5, Apple Mac OS X before 10.13.3, Apple iOS before 11.2.5, and Apple watchOS before 4.2.2.
What is the severity of CVE-2018-4094?
The severity of CVE-2018-4094 is high with a severity value of 7.8.
What is the component involved in this vulnerability?
The component involved in this vulnerability is the "Audio" component.
How can this vulnerability be exploited?
This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service.
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple apple tv
- canonical/apple iphone os
- canonical/apple mac os x
- canonical/apple watchos