CVE-2018-4154: Race Condition

Q: What is CVE-2018-4154?

CVE-2018-4154 is a vulnerability in certain Apple products, including iOS before 11.3 and macOS before 10.13.4, that allows attackers to execute arbitrary code.

Q: How does CVE-2018-4154 affect Apple products?

CVE-2018-4154 affects iOS before 11.3 and macOS before 10.13.4, potentially allowing attackers to execute arbitrary code in a privileged context.

Q: What is the severity of CVE-2018-4154?

CVE-2018-4154 has a severity level of high.

Q: How can I fix CVE-2018-4154?

To fix CVE-2018-4154, update your iOS to version 11.3 or later and update macOS to version 10.13.4 or later.

Q: Where can I find more information about CVE-2018-4154?

You can find more information about CVE-2018-4154 at the following links: [Link 1](http://www.securityfocus.com/bid/103581), [Link 2](http://www.securityfocus.com/bid/105273), [Link 3](http://www.securitytracker.com/id/1040604).

Published Mar 29, 2018

Updated

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

Other sources

Storage. A race condition was addressed with additional validation.

Credit

Samuel Groß@@5aelo

Affected Software

6 affected componentsFixes available

Apple macOS High Sierra<10.13.4

10.13.4

Apple Sierra

Apple El Capitan

Apple iOS<11.3

11.3

Apple iPhone OS<11.3

Apple iOS and macOS<10.13.4

Event History

Apr 3, 2018

CVE Published

via MITRE·06:00 AM

Data Sourced

via MITRE·06:00 AM

Description

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2018-4170
CVE-2018-4105
CVE-2018-4112
CVE-2018-4166
CVE-2018-4155
CVE-2018-4158
CVE-2018-4142
CVE-2017-13890
CVE-2017-8816
CVE-2018-4176
CVE-2018-4108
CVE-2017-13080
CVE-2018-4167
CVE-2018-4151
CVE-2018-4132
CVE-2018-4135
CVE-2018-4150
CVE-2018-4104
CVE-2018-4143
CVE-2018-4136
CVE-2018-4160
CVE-2018-4185
CVE-2018-4139
CVE-2018-4175
CVE-2017-15412
CVE-2018-4187
CVE-2018-4179
CVE-2018-4111
CVE-2018-4174
CVE-2018-4152
CVE-2017-7151
CVE-2018-4138
CVE-2018-4107
CVE-2018-4156
CVE-2018-4157
CVE-2018-4298
CVE-2018-4144
CVE-2017-13911
CVE-2018-4173
CVE-2018-4154
CVE-2018-4115
CVE-2018-4106
CVE-2018-4131
CVE-2018-4177
CVE-2018-4123
CVE-2018-4390
CVE-2018-4391
CVE-2018-4168
CVE-2018-4172
CVE-2018-4134
CVE-2018-4137
CVE-2018-4149
CVE-2018-4140
CVE-2018-4148
CVE-2018-4110
CVE-2018-4101
CVE-2018-4114
CVE-2018-4118
CVE-2018-4119
CVE-2018-4120
CVE-2018-4121
CVE-2018-4122
CVE-2018-4125
CVE-2018-4127
CVE-2018-4128
CVE-2018-4129
CVE-2018-4130
CVE-2018-4161
CVE-2018-4162
CVE-2018-4163
CVE-2018-4165
CVE-2018-4113
CVE-2018-4146
CVE-2018-4117
CVE-2018-4207
CVE-2018-4208
CVE-2018-4209
CVE-2018-4210
CVE-2018-4212
CVE-2018-4213
CVE-2018-4145

Frequently Asked Questions

What is CVE-2018-4154?

CVE-2018-4154 is a vulnerability in certain Apple products, including iOS before 11.3 and macOS before 10.13.4, that allows attackers to execute arbitrary code.

How does CVE-2018-4154 affect Apple products?