Vulnerability Details : CVE-2018-4269
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
Vulnerability category: OverflowMemory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2018-4269
Probability of exploitation activity in the next 30 days: 0.11%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 44 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-4269
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
8.6
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
1.8
|
6.0
|
NIST |
CWE ids for CVE-2018-4269
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-4269
-
https://support.apple.com/kb/HT208935
About the security content of watchOS 4.3.2 - Apple SupportVendor Advisory
-
https://support.apple.com/kb/HT208932
About the security content of iCloud for Windows 7.6 - Apple SupportVendor Advisory
-
https://support.apple.com/kb/HT208937
About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan - Apple SupportVendor Advisory
-
https://support.apple.com/kb/HT208936
About the security content of tvOS 11.4.1 - Apple SupportVendor Advisory
Products affected by CVE-2018-4269
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*