Lucene search
Juwei Lin(@panicaII) and Zhengyu Dong of TrendMicro Mobile Security TeamZDI-18-1363HistoryDec 10, 2018 - 12:00 a.m.
Apple macOS watchevent Use-After-Free Privilege Escalation Vulnerability
2018-12-1000:00:00
Juwei Lin(@panicaII) and Zhengyu Dong of TrendMicro Mobile Security Team
www.zerodayinitiative.com
13
0.002 Low
EPSS
Percentile
51.7%
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the watchevent system call. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this to escalate privileges in the context of the kernel.
References
Related
prion
prion
Memory corruption
2019-04-03 18:29:00
cve
cve
CVE-2018-4447
2019-04-03 18:29:16
cvelist
cvelist
CVE-2018-4447
2019-04-03 17:43:19
nvd
nvd
CVE-2018-4447
2019-04-03 18:29:16
openvas
openvas
Apple Mac OS X Security Updates (HT209341)-01
2018-12-06 00:00:00
nessus
nessus
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-006)
2018-12-21 00:00:00
macOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-003)
2018-12-21 00:00:00
macOS 10.14.x < 10.14.2 Multiple Vulnerabilities
2018-12-21 00:00:00
apple
apple
About the security content of watchOS 5.1.2
2018-12-06 00:00:00
About the security content of tvOS 12.1.1
2018-12-05 00:00:00
About the security content of tvOS 12.1.1 - Apple Support
2019-09-17 10:45:53