CVE-2018-4194: Input Validation

Q: What is CVE-2018-4194?

CVE-2018-4194 is a vulnerability that allows an attacker to read data outside the specified bounds in various Apple software.

Q: What is the severity of CVE-2018-4194?

CVE-2018-4194 has a severity rating of 8.8 (high).

Q: How can CVE-2018-4194 be fixed?

To fix CVE-2018-4194, it is recommended to update to the latest version of the affected software provided by Apple.

Q: Where can I find more information about CVE-2018-4194?

You can find more information about CVE-2018-4194 on the official Apple support page: https://support.apple.com/en-us/HT208852

Published May 29, 2018

Updated

CoreGraphics. An out-of-bounds read was addressed with improved input validation.

Other sources

In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.

Credit

Jihui Lu(Tencent KeenLab), Yu Zhou(Ant)

Affected Software

10 affected componentsFixes available

Apple macOS High Sierra<10.13.5

10.13.5

Apple Sierra

Apple El Capitan

Apple iTunes for Windows<12.7.5

12.7.5

Apple iPhone OS<11.4

Apple iOS and macOS>=10.13.0<10.13.5

Apple WatchOS<4.3.1

Apple iCloud<7.5

Apple iTunes<12.7.5

Microsoft Windows

Event History

Jan 11, 2019

CVE Published

via MITRE·06:00 PM

Data Sourced

via MITRE·06:00 PM

Description

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2018-4194?

CVE-2018-4194 is a vulnerability that allows an attacker to read data outside the specified bounds in various Apple software.

Which software versions are affected by CVE-2018-4194?

iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5 are affected by CVE-2018-4194.

What is the severity of CVE-2018-4194?