CVE-2018-4105: Input Validation
Published Mar 29, 2018
·Updated
APFS. An injection issue was addressed through improved input validation.
Other sources
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.
Credit
David J Beitey@@davidjb_, Ge
Affected Software
4 affected componentsFixes available
Apple macOS High Sierra<10.13.4
10.13.4
Apple Sierra
Apple El Capitan
Apple iOS and macOS<10.13.4
Event History
Apr 3, 2018
CVE Published
via MITRE·06:00 AM
Data Sourced
via MITRE·06:00 AM
Description
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2018-4170
- CVE-2018-4105
- CVE-2018-4112
- CVE-2018-4166
- CVE-2018-4155
- CVE-2018-4158
- CVE-2018-4142
- CVE-2017-13890
- CVE-2017-8816
- CVE-2018-4176
- CVE-2018-4108
- CVE-2017-13080
- CVE-2018-4167
- CVE-2018-4151
- CVE-2018-4132
- CVE-2018-4135
- CVE-2018-4150
- CVE-2018-4104
- CVE-2018-4143
- CVE-2018-4136
- CVE-2018-4160
- CVE-2018-4185
- CVE-2018-4139
- CVE-2018-4175
- CVE-2017-15412
- CVE-2018-4187
- CVE-2018-4179
- CVE-2018-4111
- CVE-2018-4174
- CVE-2018-4152
- CVE-2017-7151
- CVE-2018-4138
- CVE-2018-4107
- CVE-2018-4156
- CVE-2018-4157
- CVE-2018-4298
- CVE-2018-4144
- CVE-2017-13911
- CVE-2018-4173
- CVE-2018-4154
- CVE-2018-4115
- CVE-2018-4106
- CVE-2018-4131
Frequently Asked Questions
1
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2018-4105.
2
What is the severity of CVE-2018-4105?
The severity of CVE-2018-4105 is critical (9.8).
3
Which Apple products are affected by CVE-2018-4105?
macOS High Sierra (up to 10.13.4), Sierra, and El Capitan are affected by CVE-2018-4105.
4
How can an attacker exploit this vulnerability?
An attacker can trigger truncation of an APFS volume password through an unspecified injection.
5
How can I fix CVE-2018-4105?
Update your macOS to version 10.13.4 or later to fix CVE-2018-4105.