First published: Thu Mar 29 2018(Updated: )
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
Credit: Samuel Groß @5aelo Samuel Groß @5aelo Samuel Groß @5aelo Samuel Groß @5aelo Samuel Groß @5aelo Samuel Groß @5aelo Samuel Groß @5aelo product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iPhone OS | <11.3 | |
Apple Mac OS X | <10.13.4 | |
Apple tvOS | <11.3 | |
Apple watchOS | <4.3 | |
Apple watchOS | <4.3 | 4.3 |
Apple tvOS | <11.3 | 11.3 |
Apple iOS | <11.3 | 11.3 |
Apple macOS High Sierra | <10.13.4 | 10.13.4 |
Apple Sierra | ||
Apple El Capitan |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID of this issue is CVE-2018-4155.
iOS before 11.3, macOS before 10.13.4, tvOS before 11.3, and watchOS before 4.3 are affected by this vulnerability.
CVE-2018-4155 has a severity level of 7 (High).
Attackers can exploit this vulnerability by leveraging a race condition to execute arbitrary code in a privileged context.
Yes, Apple has released fixes for iOS, macOS, tvOS, and watchOS to address this vulnerability. It is recommended to update to the latest available version.