Home

CVE-2018-4302

Description

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.424

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in iCloud (7.17.0.13)Windows
Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.4.76)Windows
Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.0.166)Windows
Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.1.14)Windows
Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.2.58)Windows
Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.4.80)Windows
Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.5.9)Windows
Multiple vulnerabilities fixed in Update for Apple iTunes X64 (12.7.0.166)Windows
Multiple vulnerabilities fixed in Update for Apple iTunes X64 (12.7.1.14)Windows
Multiple vulnerabilities fixed in Update for Apple iTunes X64 (12.7.2.58)Windows
Multiple vulnerabilities fixed in Update for Apple iTunes X64 (12.7.2.60)Windows
Multiple vulnerabilities fixed in Updates for Apple iTunes (X64) (12.7.3.46)Windows
Multiple vulnerabilities fixed in Updates for Apple iTunes (X64) (12.7.4.76)Windows
Multiple vulnerabilities fixed in Updates for Apple iTunes (X64) (12.7.4.80)Windows
Multiple vulnerabilities fixed in Apple iTunes (X64) (12.7.5.9)Windows
Vulnerabilities CVE-2018-4302 are affected in Apple iTunes (X64) 12.6Windows
Vulnerabilities CVE-2018-4302 are affected in Apple iTunes 12.6Windows
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 Combo Update - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.5 - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 Combo Update - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3Mac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 Combo UpdateMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2Mac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2 Combo UpdateMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.1Mac
Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13.1Mac
Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-312688iCloud (7.17.0.13)
PATCH-306388Update for Apple iTunes X64 (12.7.0.166)
PATCH-306603Update for Apple iTunes X64 (12.7.1.14)
PATCH-306795Update for Apple iTunes X64 (12.7.2.58)
PATCH-306828Update for Apple iTunes X64 (12.7.2.60)
PATCH-307024Updates for Apple iTunes (X64) (12.7.3.46)
PATCH-307343Updates for Apple iTunes (X64) (12.7.4.76)
PATCH-307418Updates for Apple iTunes (X64) (12.7.4.80)
PATCH-307618Apple iTunes (X64) (12.7.5.9)
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601312Security Update 2017-001 macOS High Sierra v10.13.1
PATCH-601345Security Update 2017-001 macOS High Sierra v10.13

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234