Lucene search
Juwei Lin(@panicaII) and Junzhi Lu of TrendMicro Mobile Security TeamZDI-18-1365HistoryDec 10, 2018 - 12:00 a.m.
Apple macOS shm Uninitialized Data Information Disclosure Vulnerability
2018-12-1000:00:00
Juwei Lin(@panicaII) and Junzhi Lu of TrendMicro Mobile Security Team
www.zerodayinitiative.com
14
0.003 Low
EPSS
Percentile
68.0%
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the shared memory module (shm). The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges in the context of the kernel.
References
Related
packetstorm
packetstorm
XNU POSIX Shared Memory Mapping Issue
2018-12-11 00:00:00
zdt
zdt
XNU POSIX Shared Memory Mapping Issue Exploit
2018-12-11 00:00:00
prion
prion
Code injection
2019-04-03 18:29:00
cvelist
cvelist
CVE-2018-4435
2019-04-03 17:43:18
nvd
nvd
CVE-2018-4435
2019-04-03 18:29:15
cve
cve
CVE-2018-4435
2019-04-03 18:29:15
openvas
openvas
Apple Mac OS X Security Updates (HT209341)-01
2018-12-06 00:00:00
nessus
nessus
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-006)
2018-12-21 00:00:00
macOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-003)
2018-12-21 00:00:00
macOS 10.14.x < 10.14.2 Multiple Vulnerabilities
2018-12-21 00:00:00
apple
apple
About the security content of watchOS 5.1.2
2018-12-06 00:00:00
About the security content of tvOS 12.1.1 - Apple Support
2019-09-17 10:45:53
About the security content of tvOS 12.1.1
2018-12-05 00:00:00