Lucene search
Juwei Lin(@panicaII) of TrendMicro Mobile Security TeamZDI-18-1334HistoryOct 31, 2018 - 12:00 a.m.
Apple macOS sysctl_procargsx Uninitialized Buffer Information Disclosure Vulnerability
2018-10-3100:00:00
Juwei Lin(@panicaII) of TrendMicro Mobile Security Team
www.zerodayinitiative.com
18
0.001 Low
EPSS
Percentile
46.7%
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the sysctl_procargsx system call. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges in the context of the kernel.
References
Related
cve
cve
CVE-2018-4413
2019-04-03 18:29:14
prion
prion
Memory corruption
2019-04-03 18:29:00
cvelist
cvelist
CVE-2018-4413
2019-04-03 17:43:18
nvd
nvd
CVE-2018-4413
2019-04-03 18:29:14
nessus
nessus
Apple TV < 12.1 Multiple Vulnerabilities
2018-11-02 00:00:00
macOS 10.14.x < 10.14.1 Multiple Vulnerabilities
2018-10-31 00:00:00
macOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-002)
2018-10-31 00:00:00
openvas
openvas
Apple Mac OS X Security Updates (HT209193)-02
2018-11-02 00:00:00
apple
apple
About the security content of tvOS 12.1
2018-10-30 00:00:00
About the security content of tvOS 12.1 - Apple Support
2019-01-23 08:37:05
About the security content of watchOS 5.1
2018-10-30 00:00:00