CVE-2018-4157: Race Condition

Q: What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2018-4157.

Q: Which products are affected by this vulnerability?

iOS before 11.3, macOS before 10.13.4, tvOS before 11.3, and watchOS before 4.3 are affected by this vulnerability.

Q: What is the severity of CVE-2018-4157?

The severity of CVE-2018-4157 is high with a severity value of 7.

Q: What is the issue with the "Quick Look" component?

The issue with the "Quick Look" component is a race condition that allows attackers to execute arbitrary code in a privileged context.

Q: Where can I find more information about CVE-2018-4157?

You can find more information about CVE-2018-4157 at the following references: [http://www.securitytracker.com/id/1040604](http://www.securitytracker.com/id/1040604), [http://www.securitytracker.com/id/1040608](http://www.securitytracker.com/id/1040608), [https://support.apple.com/HT208692](https://support.apple.com/HT208692).

Published Mar 29, 2018

Updated

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

Other sources

Quick Look. A race condition was addressed with additional validation.

Credit

Samuel Groß@@5aelo

Affected Software

10 affected componentsFixes available

Apple tvOS<11.3

11.3

Apple macOS High Sierra<10.13.4

10.13.4

Apple Sierra

Apple El Capitan

Apple WatchOS<4.3

4.3

Apple iOS<11.3

11.3

Apple iPhone OS<11.3

Apple iOS and macOS<10.13.4

Apple tvOS<11.3

Apple WatchOS<4.3

Event History

Apr 3, 2018

CVE Published

via MITRE·06:00 AM

Data Sourced

via MITRE·06:00 AM

Description

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2018-4155
CVE-2018-4142
CVE-2018-4167
CVE-2018-4150
CVE-2018-4104
CVE-2018-4143
CVE-2018-4185
CVE-2017-15412
CVE-2018-4166
CVE-2018-4157
CVE-2018-4144
CVE-2018-4115
CVE-2018-4113
CVE-2018-4146
CVE-2018-4101
CVE-2018-4114
CVE-2018-4118
CVE-2018-4119
CVE-2018-4120
CVE-2018-4121
CVE-2018-4122
CVE-2018-4125
CVE-2018-4127
CVE-2018-4128
CVE-2018-4129
CVE-2018-4130
CVE-2018-4161
CVE-2018-4162
CVE-2018-4163
CVE-2018-4165
CVE-2018-4207
CVE-2018-4208
CVE-2018-4209
CVE-2018-4210
CVE-2018-4212
CVE-2018-4213
CVE-2018-4145
CVE-2018-4170
CVE-2018-4105
CVE-2018-4112
CVE-2018-4158
CVE-2017-13890
CVE-2017-8816
CVE-2018-4176
CVE-2018-4108
CVE-2017-13080
CVE-2018-4151
CVE-2018-4132
CVE-2018-4135
CVE-2018-4136
CVE-2018-4160
CVE-2018-4139
CVE-2018-4175
CVE-2018-4187
CVE-2018-4179
CVE-2018-4111
CVE-2018-4174
CVE-2018-4152
CVE-2017-7151
CVE-2018-4138
CVE-2018-4107
CVE-2018-4156
CVE-2018-4298
CVE-2017-13911
CVE-2018-4173
CVE-2018-4154
CVE-2018-4106
CVE-2018-4131
CVE-2018-4390
CVE-2018-4391
CVE-2018-4117
CVE-2018-4177
CVE-2018-4123
CVE-2018-4168
CVE-2018-4172
CVE-2018-4134
CVE-2018-4137
CVE-2018-4149
CVE-2018-4140
CVE-2018-4148
CVE-2018-4110

Frequently Asked Questions

What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2018-4157.

Which products are affected by this vulnerability?