CVE-2018-4229: Input Validation

Q: What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2018-4229.

Q: What is the severity of CVE-2018-4229?

The severity of CVE-2018-4229 is critical.

Q: Which Apple products are affected by CVE-2018-4229?

macOS before 10.13.5, macOS High Sierra before 10.13.5, Sierra, and El Capitan are affected by CVE-2018-4229.

Q: What does CVE-2018-4229 allow attackers to do?

CVE-2018-4229 allows attackers to bypass a sandbox protection mechanism.

Q: How can CVE-2018-4229 be mitigated?

Update to macOS 10.13.5 or later to mitigate CVE-2018-4229.

Published Jun 1, 2018

Updated

Grand Central Dispatch. An issue existed in parsing entitlement plists. This issue was addressed with improved input validation.

Other sources

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatch" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists.

Credit

Jakob Rieck@@0xdead10cc(the Security in Distributed Systems Group), University(Hamburg)

Affected Software

4 affected componentsFixes available

Apple macOS High Sierra<10.13.5

10.13.5

Apple Sierra

Apple El Capitan

Apple iOS and macOS<10.13.5

Event History

Jun 8, 2018

CVE Published

via MITRE·06:00 PM

Data Sourced

via MITRE·06:00 PM

Description

Parent advisories

This vulnerability appears in the following advisories.

HT208849

Frequently Asked Questions

What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2018-4229.

What is the severity of CVE-2018-4229?

The severity of CVE-2018-4229 is critical.

Which Apple products are affected by CVE-2018-4229?

macOS before 10.13.5, macOS High Sierra before 10.13.5, Sierra, and El Capitan are affected by CVE-2018-4229.

What does CVE-2018-4229 allow attackers to do?