CVE-2018-4335: Input Validation

Q: What is CVE-2018-4335?

CVE-2018-4335 is a vulnerability in the IOMobileFrameBuffer component of iOS that allows for remote code execution.

Q: How does CVE-2018-4335 impact iOS?

CVE-2018-4335 affects versions of iOS prior to 12.0 and allows an attacker to execute arbitrary code remotely.

Q: What is the severity of CVE-2018-4335?

CVE-2018-4335 has a severity rating of medium, with a CVSS score of 5.5.

Q: How can I fix CVE-2018-4335?

To fix CVE-2018-4335, iOS users should update their devices to version 12.0 or later.

Q: Where can I find more information about CVE-2018-4335?

More information about CVE-2018-4335 can be found on the Apple support page: https://support.apple.com/kb/HT209106

Published Sep 17, 2018

Updated

IOMobileFrameBuffer. A validation issue was addressed with improved input sanitization.

Other sources

A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12.

Credit

Brandon Azad

Affected Software

2 affected componentsFixes available

Apple iOS and iPadOS<12

iPhone OS<12.0

Event History

Apr 3, 2019

CVE Published

via MITRE·05:43 PM

Data Sourced

via MITRE·05:43 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT209106

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2018-4335?

CVE-2018-4335 is a vulnerability in the IOMobileFrameBuffer component of iOS that allows for remote code execution.

How does CVE-2018-4335 impact iOS?