CVE-2018-4230: Race Condition

Reference Links

• https://support.apple.com/en-us/HT208849 (Advisory)
• http://www.securitytracker.com/id/1041027
• https://bugs.chromium.org/p/project-zero/issues/detail?id=1549
• https://support.apple.com/HT208849
• https://www.exploit-db.com/exploits/44847/

Parent vulnerabilities

(Appears in the following advisories)

• HT208849

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2018-4196
• CVE-2018-4253
• CVE-2018-4256
• CVE-2018-4255
• CVE-2018-4254
• CVE-2018-4258
• CVE-2018-4257
• CVE-2018-7584
• CVE-2018-4219
• CVE-2018-5383
• CVE-2018-4171
• CVE-2018-4194
• CVE-2018-4180
• CVE-2018-4181
• CVE-2018-4182
• CVE-2018-4183
• CVE-2018-4478
• CVE-2018-4251
• CVE-2018-4211
• CVE-2018-4229
• CVE-2018-4159
• CVE-2018-4242
• CVE-2018-4202
• CVE-2018-4217
• CVE-2018-4141
• CVE-2018-4228
• CVE-2018-4236
• CVE-2018-4234
• CVE-2018-4249
• CVE-2018-8897
• CVE-2018-4241
• CVE-2018-4243
• CVE-2018-4237
• CVE-2018-4404
• CVE-2018-4227
• CVE-2018-4235
• CVE-2018-4240
• CVE-2018-4230
• CVE-2018-4221
• CVE-2018-4223
• CVE-2018-4224
• CVE-2018-4225
• CVE-2018-4226
• CVE-2018-4184
• CVE-2018-4198
• CVE-2018-4193

Frequently Asked Questions

• What is CVE-2018-4230?

  CVE-2018-4230 is a vulnerability in certain Apple products, specifically macOS before 10.13.5, that allows attackers to execute arbitrary code in a privileged context.

• What is the severity of CVE-2018-4230?

  CVE-2018-4230 has a severity level of high.

• How does CVE-2018-4230 work?

  CVE-2018-4230 is a race condition vulnerability in the "NVIDIA Graphics Drivers" component of certain Apple products, which can be exploited by a crafted app to trigger a use-after-free vulnerability and execute arbitrary code in a privileged context.

• Which versions of macOS are affected by CVE-2018-4230?

  macOS versions before 10.13.5 are affected by CVE-2018-4230.

• Is there a fix for CVE-2018-4230?

  Yes, updating macOS to version 10.13.5 or later will fix CVE-2018-4230.