CVE-2018-4344
Published: 03 April 2019
Summary
CVE-2018-4344 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Apple iPhone OS. Its CVSS base score is 7.8 (High).
Operationally, it ranks at the 39.3 percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
A memory corruption vulnerability identified as CVE-2018-4344 and categorized under CWE-119 was present in Apple platforms prior to iOS 12, macOS Mojave 10.14, tvOS 12, and watchOS 5. The root cause was insufficient memory handling that could be triggered to corrupt process memory, rated at CVSS 7.8 with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
An attacker with the ability to supply a malicious file or input that a local user opens or processes could exploit the flaw to achieve arbitrary code execution or full system compromise without requiring elevated privileges.
Apple security updates resolved the issue by implementing improved memory handling, as described in the vendor advisories at https://support.apple.com/kb/HT209106, https://support.apple.com/kb/HT209107, https://support.apple.com/kb/HT209108, and https://support.apple.com/kb/HT209139. No public information on in-the-wild exploitation is provided in the references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-16130
Vulnerability details
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
- CWE(s): CWE-119
- KEV Date Added: 27 June 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- Directly requires memory protection mechanisms that would have blocked the memory corruption flaw exploited by CVE-2018-4344.
- Mandates timely application of vendor patches that corrected the insufficient memory handling in affected Apple platforms.
- Requires validation of input that could have prevented the malicious file or data from triggering the memory corruption.