CVE-2018-4219: Incorrect Type Cast

Q: What is CVE-2018-4219?

CVE-2018-4219 is a type confusion vulnerability in the ATS component of certain Apple products, allowing attackers to gain privileges via a crafted app.

Q: How does CVE-2018-4219 affect macOS?

CVE-2018-4219 affects macOS versions before 10.13.5.

Q: What is the severity of CVE-2018-4219?

CVE-2018-4219 has a severity rating of 7.8 (High).

Q: How can I fix CVE-2018-4219?

To fix CVE-2018-4219, update to macOS version 10.13.5 or later.

Q: Where can I find more information about CVE-2018-4219?

You can find more information about CVE-2018-4219 at the following references: [link1], [link2].

Published Jun 1, 2018

Updated

ATS. A type confusion issue was addressed with improved memory handling.

Other sources

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to gain privileges via a crafted app that leverages type confusion.

Credit

Mohamed Ghannam@@_simo36

Affected Software

4 affected componentsFixes available

Apple macOS High Sierra<10.13.5

10.13.5

Apple Sierra

Apple El Capitan

Apple iOS and macOS<10.13.5

Event History

Jun 8, 2018

CVE Published

via MITRE·06:00 PM

Data Sourced

via MITRE·06:00 PM

Description

Parent advisories

This vulnerability appears in the following advisories.

HT208849

Frequently Asked Questions

What is CVE-2018-4219?

CVE-2018-4219 is a type confusion vulnerability in the ATS component of certain Apple products, allowing attackers to gain privileges via a crafted app.

How does CVE-2018-4219 affect macOS?

CVE-2018-4219 affects macOS versions before 10.13.5.

What is the severity of CVE-2018-4219?

CVE-2018-4219 has a severity rating of 7.8 (High).

How can I fix CVE-2018-4219?