4.7

CVE-2018-4092

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended memory-read restrictions via a crafted app.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleApple TV Version < 11.2.5
AppleiPhone OS Version < 11.2.5
ApplemacOS X Version < 10.13.3
ApplewatchOS Version < 4.2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.71% 0.485
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:P/I:N/A:N
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.securityfocus.com/bid/102782
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040265
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040267
Third Party Advisory
VDB Entry
https://support.apple.com/HT208462
Vendor Advisory
https://support.apple.com/HT208463
Vendor Advisory
https://support.apple.com/HT208464
Vendor Advisory
https://support.apple.com/HT208465
Vendor Advisory