CVE-2018-4248: Input Validation
First published: Mon Jul 09 2018(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
Credit: Brandon Azad Brandon Azad Brandon Azad Brandon Azad product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple watchOS | <4.3.2 | 4.3.2 |
| Apple iOS | <11.4.1 | 11.4.1 |
| Apple tvOS | <11.4.1 | 11.4.1 |
| Apple macOS High Sierra | <10.13.6 | 10.13.6 |
| Apple Sierra | ||
| Apple El Capitan | ||
| Apple iPhone OS | <11.4.1 | |
| Apple Mac OS X | <10.13.6 | |
| Apple tvOS | <11.4.1 | |
| Apple watchOS | <4.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT208935 (Advisory)
- https://support.apple.com/en-us/HT208936 (Advisory)
- https://support.apple.com/en-us/HT208937 (Advisory)
- https://support.apple.com/en-us/HT208938 (Advisory)
- https://support.apple.com/kb/HT208935
- https://support.apple.com/kb/HT208936
- https://support.apple.com/kb/HT208937
- https://support.apple.com/kb/HT208938
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4293
- CVE-2018-4269
- CVE-2018-4290
- CVE-2018-4282
- CVE-2018-4280
- CVE-2018-4248
- CVE-2018-4277
- CVE-2018-4270
- CVE-2018-4284
- CVE-2018-4266
- CVE-2018-4262
- CVE-2018-4264
- CVE-2018-4272
- CVE-2018-4271
- CVE-2018-4273
- CVE-2018-4470
- CVE-2018-4289
- CVE-2018-4268
- CVE-2018-4285
- CVE-2018-5383
- CVE-2018-4276
- CVE-2018-4178
- CVE-2018-4456
- CVE-2018-4283
- CVE-2018-3665
- CVE-2018-4259
- CVE-2018-4286
- CVE-2018-4287
- CVE-2018-4288
- CVE-2018-4291
- CVE-2018-6797
- CVE-2018-6913
- CVE-2017-0898
- CVE-2017-10784
- CVE-2017-14033
- CVE-2017-14064
- CVE-2017-17405
- CVE-2017-17742
- CVE-2018-6914
- CVE-2018-8777
- CVE-2018-8778
- CVE-2018-8779
- CVE-2018-8780
- CVE-2018-4274
- CVE-2018-4278
- CVE-2018-4261
- CVE-2018-4263
- CVE-2018-4265
- CVE-2018-4267
- CVE-2018-4327
- CVE-2018-4216
- CVE-2018-4260
- CVE-2018-4275
Frequently Asked Questions
What is CVE-2018-4248?
CVE-2018-4248 is a vulnerability in libxpc that allows for an out-of-bounds read due to improved input validation.
Which versions of iOS are affected by CVE-2018-4248?
Versions of iOS prior to 11.4.1 are affected by CVE-2018-4248.
Which versions of macOS are affected by CVE-2018-4248?
Versions of macOS High Sierra prior to 10.13.6 are affected by CVE-2018-4248.
How can I fix CVE-2018-4248 on tvOS?
To fix CVE-2018-4248 on tvOS, you need to update to version 11.4.1 or later.
How can I fix CVE-2018-4248 on watchOS?
To fix CVE-2018-4248 on watchOS, you need to update to version 4.3.2 or later.
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/event
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple watchos
- canonical/apple macos high sierra
- canonical/apple sierra
- canonical/apple el capitan
- canonical/apple iphone os
- canonical/apple mac os x
- canonical/apple tvos
- canonical/apple ios