← Back

CVE-2018-4478

nvd nist
Published: Dec 23, 2021Modified: Nov 21, 2024

JSON object

Loading...
6.8
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 5.9
Source: NVD

Description

A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.

Affected (19)

Products: Apple: Mac Os X
Apple
1 product
Mac Os X
Configuration A
19 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Mac Os X
Before 10.13.5
Mac Os X
From 10.11 to 10.11.6
Mac Os X
From 10.12 to 10.12.6
Mac Os X
Version 10.11.6
Mac Os X
Version 10.11.6 security_update_2016-001
Mac Os X
Version 10.11.6 security_update_2016-002
Mac Os X
Version 10.11.6 security_update_2016-003
Mac Os X
Version 10.11.6 security_update_2017-001
Mac Os X
Version 10.11.6 security_update_2017-002
Mac Os X
Version 10.11.6 security_update_2017-003
Mac Os X
Version 10.11.6 security_update_2017-004
Mac Os X
Version 10.11.6 security_update_2017-005
Mac Os X
Version 10.11.6 security_update_2018-001
Mac Os X
Version 10.11.6 security_update_2018-002
Mac Os X
Version 10.12.6
Mac Os X
Version 10.12.6 security_update_2017-001
Mac Os X
Version 10.12.6 security_update_2017-002
Mac Os X
Version 10.12.6 security_update_2018-001
Mac Os X
Version 10.12.6 security_update_2018-002

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

Source: product-security@apple.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.