CVE-2018-4240: Input Validation

Q: What is the vulnerability ID of this issue?

The vulnerability ID is CVE-2018-4240.

Q: What is the severity of CVE-2018-4240?

The severity of CVE-2018-4240 is rated as medium with a severity value of 6.5.

Q: Which Apple products are affected by CVE-2018-4240?

iOS before 11.4, macOS before 10.13.5, tvOS before 11.4, and watchOS before 4.3.1 are affected.

Q: How can CVE-2018-4240 be exploited?

Remote attackers can cause a denial of service by sending a crafted message.

Published Jun 1, 2018

Updated

Messages. This issue was addressed with improved message validation.

Other sources

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.

Credit

Sriram@@Sri_Hxor(PrimeFort Pvt)

Affected Software

7 affected componentsFixes available

Apple macOS High Sierra<10.13.5

10.13.5

Apple Sierra

Apple El Capitan

Apple iPhone OS<11.4

Apple iOS and macOS<10.13.5

Apple tvOS<11.4

Apple WatchOS<4.3.1

Event History

Jun 8, 2018

CVE Published

via MITRE·06:00 PM

Data Sourced

via MITRE·06:00 PM

Description

Parent advisories

This vulnerability appears in the following advisories.

HT208849

Frequently Asked Questions

What is the vulnerability ID of this issue?

The vulnerability ID is CVE-2018-4240.

What is the severity of CVE-2018-4240?

The severity of CVE-2018-4240 is rated as medium with a severity value of 6.5.

Which Apple products are affected by CVE-2018-4240?

iOS before 11.4, macOS before 10.13.5, tvOS before 11.4, and watchOS before 4.3.1 are affected.

What component is involved in CVE-2018-4240?

The issue involves the "Messages" component.

How can CVE-2018-4240 be exploited?