CVE-2018-4155: Race Condition
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
Other sources
CoreFoundation. A race condition was addressed with additional validation.
Credit
Affected Software
Event History
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2018-4155
- CVE-2018-4142
- CVE-2018-4167
- CVE-2018-4150
- CVE-2018-4104
- CVE-2018-4143
- CVE-2018-4185
- CVE-2017-15412
- CVE-2018-4166
- CVE-2018-4157
- CVE-2018-4144
- CVE-2018-4115
- CVE-2018-4113
- CVE-2018-4146
- CVE-2018-4101
- CVE-2018-4114
- CVE-2018-4118
- CVE-2018-4119
- CVE-2018-4120
- CVE-2018-4121
- CVE-2018-4122
- CVE-2018-4125
- CVE-2018-4127
- CVE-2018-4128
- CVE-2018-4129
- CVE-2018-4130
- CVE-2018-4161
- CVE-2018-4162
- CVE-2018-4163
- CVE-2018-4165
- CVE-2018-4207
- CVE-2018-4208
- CVE-2018-4209
- CVE-2018-4210
- CVE-2018-4212
- CVE-2018-4213
- CVE-2018-4145
- CVE-2018-4170
- CVE-2018-4105
- CVE-2018-4112
- CVE-2018-4158
- CVE-2017-13890
- CVE-2017-8816
- CVE-2018-4176
- CVE-2018-4108
- CVE-2017-13080
- CVE-2018-4151
- CVE-2018-4132
- CVE-2018-4135
- CVE-2018-4136
- CVE-2018-4160
- CVE-2018-4139
- CVE-2018-4175
- CVE-2018-4187
- CVE-2018-4179
- CVE-2018-4111
- CVE-2018-4174
- CVE-2018-4152
- CVE-2017-7151
- CVE-2018-4138
- CVE-2018-4107
- CVE-2018-4156
- CVE-2018-4298
- CVE-2017-13911
- CVE-2018-4173
- CVE-2018-4154
- CVE-2018-4106
- CVE-2018-4131
- CVE-2018-4390
- CVE-2018-4391
- CVE-2018-4117
- CVE-2018-4177
- CVE-2018-4123
- CVE-2018-4168
- CVE-2018-4172
- CVE-2018-4134
- CVE-2018-4137
- CVE-2018-4149
- CVE-2018-4140
- CVE-2018-4148
- CVE-2018-4110
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2018-4155.
Which Apple products are affected by this vulnerability?
iOS before 11.3, macOS before 10.13.4, tvOS before 11.3, and watchOS before 4.3 are affected by this vulnerability.
What is the severity of CVE-2018-4155?
CVE-2018-4155 has a severity level of 7 (High).
How can attackers exploit this vulnerability?
Attackers can exploit this vulnerability by leveraging a race condition to execute arbitrary code in a privileged context.
Is there a fix available for this vulnerability?
Yes, Apple has released fixes for iOS, macOS, tvOS, and watchOS to address this vulnerability. It is recommended to update to the latest available version.